Attorney general has recommendations for Oregonians following DMV data breach

Published 3:35 pm Monday, June 19, 2023

Oregonians have been advised to take precautions stemming from a massive data breach that involved virtually all state driver licenses.

A global cyberattack that ensnared the Oregon Driver and Motor Vehicle (DMV) Services Division last week may have compromised the records of an estimated 3.5 million license and identification card holders.

The cyberattack affected more than 2,000 organizations that use the MOVEit transfer software, including 3,000 files of the Oregon Department of Transportation. Some DMV data was copied and taken while DMV was sending it through that software to partner agencies.

DMV officials disclosed the breach on June 15, two days after the cyberattack. They told reporters that the delay allowed them to gather more information about the extent of the breach — but that license and ID card holders should assume their data has been hacked.

“Learning that personal information most Oregonians gave to their government has been exposed in a data breach is highly distressing,” Attorney General Ellen Rosenblum said in a statement June 16. “While the state works to identify who was impacted and what data was exposed, please follow these recommendations to stay safe.”

The Department of Justice offered this advice to consumers:

• Order copies of your free credit reports and review them for inaccuracies.

You are entitled to a free copy of each of your three credit reports, one each maintained by the national credit bureaus of Experian, Equifax, and TransUnion, each year. You can get these reports from www.AnnualCreditReport.com. (See the box above for details.) If you notice loans or credit accounts on your reports that you know you never opened on your own, you should notify the banks or financial institutions behind the credit card or loan accounts opened fraudulently in your name.

• Consider freezing your credit.

A credit freeze prevents creditors — such as banks or lenders — from accessing your credit reports. This will stop identity thieves from taking out new loans or credit cards in your name because creditors won’t approve their loan or credit requests if they can’t first access your credit reports. You will have to freeze your credit with each bureau: Experian, Equifax and TransUnion.

• If you have been a victim of identity theft, place a one-year fraud alert on your credit reports.

This alert tells creditors that they must take reasonable steps to verify that it is actually you who is applying for credit or loans in your name. To do this, you only need to contact one of the three national credit bureaus. That bureau must then inform the other bureaus of your fraud alert.

• If you receive notices from the Oregon Employment Department about benefits you’ve never applied for, contact it as soon as possible.

Go online to unemployment.oregon.gov and click on “ID Theft” to fill out an ID Theft Reporting Form.

• Set up a profile change alert if you use mobile or online banking tools.

If your personal information on your bank’s website or app changes without your authorization, that is typically a sign of identity theft. To stay safe, set up a profile change alert through your bank’s website or app. The alert can warn you when there’s been a change to your login information.

• If you have been a victim of identity theft, report it immediately. If you suspect that a criminal has used your driver’s license information to steal your identity, make a report online at IdentityTheft.gov.

For more information about identify theft, visit the Oregon Department of Justice online at https://www.doj.state.or.us/consumer-protection/id-theft-data-breaches/identity-theft/ or call the state consumer hotline at 877-877-9392.