What can hackers do with stolen DMV information? Cybersecurity firms lay out the risks
Published 9:36 am Tuesday, June 27, 2023
The data breach at the Oregon Driver and Motor Vehicle Services Division, which left potentially millions of Oregonians with compromised identities, was part of a larger attack on hundreds of governments, universities and corporations, likely led by a Russian ransomware gang.
And cybersecurity groups are warning Oregonians to be careful.
On June 1, Oregon DMV learned that a popular file-transfer software it uses was hacked, and that data records for Oregon driver’s licenses, permits and ID cards were accessed.
Hackers were able to obtain the names of 3.5 million people with Oregon driver’s licenses or ID cards, as well as their home and mailing addresses, their license numbers and the last four digits of their Social Security number, according to the DMV.
John Jackson, the owner and CEO of Bytagig, a cybersecurity company in Milwaukie, said the security breach is “huge.”
“This breach is one of the biggest in Oregon and affects not only Oregonians, but also has similarities with breaches on the federal level and in other states,” Jackson told Pamplin Media. “It exposes personal information linked to driver’s licenses, posing risks of identity theft and financial fraud.”
The nightmare scenario for Oregonians is identity theft, Jackson said. Crooks who buy the data may be able to open new credit cards or apply for loans and bank accounts. If they can impersonate you by answering security questions, they are in.
“Hackers can gain access to existing accounts, including bank and nonfinancial accounts,” Jackson said. “This can result in a complete takeover of someone’s life, including internet and cellular services.”
Credit card breaches are easy to stop, as they can be shut down quickly with no liability for the owner, but when bank accounts are compromised, Jackson said, things get more challenging.
“Hackers can reset bank passwords and perform unauthorized transactions,” he said. “Monitoring credit reports and regularly checking bank accounts for suspicious activity is crucial.”
The U.S. Cybersecurity and Infrastructure Security Agency has attributed the attack to a Russian-linked ransomware gang, known as Clop, which took advantage of a flaw in a popular file transfer tool called MOVEit, which is used to move large files between servers.
The hack didn’t just hit Oregon DMV. The number of state and federal agencies impacted by the breach is not known, but several hundred local and federal governments, universities and corporations are believed to have been accessed, including the U.S. Department of Energy, Johns Hopkins University, British oil and gas giant Shell and others, including the governments of Missouri, Illinois and Nova Scotia, in Canada.
Agency officials have described the breach as “opportunistic.” Hackers took advantage of a vulnerability in the software that had not been previously discovered.
“The vulnerability exploited in this attack was a zero-day flaw, meaning the hackers started exploiting it on the same day it was discovered,” Jackson said.
Clop has stated that it automatically deleted data stolen from government agencies, but state authorities and local cyber security firms are warning Oregonians to be careful.
Unfortunately, there isn’t much people can do to protect the identities of Oregonians now that the information has been compromised. Scott Carr, a senior network architect with Farmhouse Networking, a cybersecurity firm based in Grants Pass, said Oregonians should freeze their credit and take actions to reverse damages, if they see suspicious activity on their credit reports.
Jackson said all Oregonians can do is monitor bank and other online accounts for suspicious activity.
“Organizations need to remain vigilant and address zero-day vulnerabilities promptly,” Jackson said. “Regularly updating devices, implementing patches, and staying informed about software system vulnerabilities are crucial to maintaining security.”
The Oregon Department of Justice recently offered this advice to consumers worried about the massive hack of data from the Oregon Driver and Motor Vehicle Service Division:
• Order copies of your free credit reports and review them for inaccuracies.
You are entitled to a free copy of each of your three credit reports, one each maintained by the national credit bureaus of Experian, Equifax, and TransUnion, each year. You can get these reports from www.AnnualCreditReport.com. (See the box above for details.) If you notice loans or credit accounts on your reports that you know you never opened on your own, you should notify the banks or financial institutions behind the credit card or loan accounts opened fraudulently in your name.
• Consider freezing your credit.
A credit freeze prevents creditors — such as banks or lenders — from accessing your credit reports. This will stop identity thieves from taking out new loans or credit cards in your name because creditors won’t approve their loan or credit requests if they can’t first access your credit reports. You will have to freeze your credit with each bureau: Experian, Equifax and TransUnion.
• If you have been a victim of identity theft, place a one-year fraud alert on your credit reports.
This alert tells creditors that they must take reasonable steps to verify that it is actually you who is applying for credit or loans in your name. To do this, you only need to contact one of the three national credit bureaus. That bureau must then inform the other bureaus of your fraud alert.
• If you receive notices from the Oregon Employment Department about benefits you’ve never applied for, contact it as soon as possible.
Go online to unemployment.oregon.gov and click on “ID Theft” to fill out an ID Theft Reporting Form.
• Set up a profile change alert if you use mobile or online banking tools.
If your personal information on your bank’s website or app changes without your authorization, that is typically a sign of identity theft. To stay safe, set up a profile change alert through your bank’s website or app. The alert can warn you when there’s been a change to your login information.
• If you have been a victim of identity theft, report it immediately.
If you suspect that a criminal has used your driver’s license information to steal your identity, make a report online at IdentityTheft.gov.
For more information about identity theft, visit the Oregon Department of Justice online at https://www.doj.state.or.us/consumer-protection/id-theft-data-breaches/identity-theft/ or call the state consumer hotline at 877-877-9392.