Attorney general has recommendations following DMV breach

PAMPLIN MEDIA GROUP - Attorney General Ellen Rosenblum.

Oregonians have been advised to take precautions stemming from a massive data breach that involved virtually all state driver licenses.

A global cyberattack that ensnared the Oregon Driver and Motor Vehicle (DMV) Services Division last week may have compromised the records of an estimated 3.5 million license and identification card holders.

The cyberattack affected more than 2,000 organizations that use the MOVEit transfer software, including 3,000 files of the Oregon Department of Transportation. Some DMV data was copied and taken while DMV was sending it through that software to partner agencies.

Rep. Susan McLain, D-Forest Grove, is House co-chair of the Legislature’s Joint Committee on Transportation. In her weekly newsletter to constituents, she said this: “The DMV attack is apparently one of a number of global cyberattacks; the same MOVEit related cyber attacks as seen in Illinois, Minnesota, with various federal agencies, and Johns Hopkins University.”

DMV officials disclosed the breach on June 15, two days after the cyberattack. They told reporters that the delay allowed them to gather more information about the extent of the breach — but that license and ID card holders should assume their data has been hacked.

“Learning that personal information most Oregonians gave to their government has been exposed in a data breach is highly distressing,” Attorney General Ellen Rosenblum said in a statement June 16. “While the state works to identify who was impacted and what data was exposed, please follow these recommendations to stay safe.”

From the Department of Justice:

• Order copies of your free credit reports and review them for inaccuracies.

You are entitled to a free copy of each of your three credit reports, one each maintained by the national credit bureaus of Experian, Equifax, and TransUnion, each year. You can get these reports from www.AnnualCreditReport.com. These reports list your personal information, any recent bankruptcy declarations or foreclosures, and your open credit card and loan accounts, including how much you owe on each of these accounts.

If you notice loans or credit accounts on your reports that you know you never opened on your own, you know someone is using your personal information to steal your identity. You should notify the banks or financial institutions behind the credit card or loan accounts opened fraudulently in your name. Explain to these institutions that you did not apply for these accounts or loans and that you are a victim of identity theft. The financial institutions will close these accounts.

If you act quickly, you likely will not be responsible for charges made on fraudulent credit cards you didn’t apply for, and you may not have to pay back loans that thieves took out in your name.

• Consider freezing your credit.

A credit freeze prevents creditors — such as banks or lenders — from accessing your credit reports. This will stop identity thieves from taking out new loans or credit cards in your name because creditors won't approve their loan or credit requests if they can't first access your credit reports.

When you freeze your credit with each bureau, it will send you a personal identification number. You can then use that PIN to unfreeze your credit if you want to apply for a loan or credit card. You can also use the PIN to freeze your credit again after you’ve applied for loans or a new credit card.

You will have to freeze your credit with each bureau: Experian, Equifax and TransUnion.

• If you have been a victim of identity theft, place a one-year fraud alert on your credit reports.

This alert tells creditors that they must take reasonable steps to verify that it is actually you who is applying for credit or loans in your name. To do this, you only need to contact one of the three national credit bureaus. That bureau must then inform the other bureaus of your fraud alert.

• If you receive notices from the Oregon Employment Department about benefits you’ve never applied for, contact them as soon as possible.

Go online to unemployment.oregon.gov and click on "ID Theft" to fill out an ID Theft Reporting Form.

• Set up a profile change alert if you use mobile or online banking tools.

If your personal information on your bank’s website or app changes without your authorization, that is typically a sign of identity theft. To stay safe, set up a profile change alert through your bank’s website or app. The alert can warn you when there’s been a change to your login information.

• If you have been a victim of identity theft, report it immediately. If you suspect that a criminal has used your driver’s license information to steal your identity, make a report online at IdentityTheft.gov.

For more information about identify theft, visit the Oregon Department of Justice online at https://www.doj.state.or.us/consumer-protection/id-theft-data-breaches/identity-theft/ or call the state consumer hotline at (877) 877-9392.

Success! An email has been sent to with a link to confirm list signup.

Error! There was an error processing your request.

Get the best independent source of news and analysis of Oregon state government delivered to your inbox twice a week.

[email protected]

I was really pissed when I saw the response until I did further research and found that this wasn't really the DMV's fault and their slow response to the public was due to getting all the people in the DMV on the same page as to how to respond to the public should they call in. Unfortunately the only one that can do anything to help us is ourselves and it could be a long time before our actual personal data gets sold to some other criminals. Could have already happened as well so we all have to be vigilant. The only issue I have is that you have to go to a web site where you have to GIVE ALL YOUR PERSONAL information, yet to another third party. I am not really going to do that. I try to minimize where my information is mostly due to data leaks and breaches. Criminals have sure F-UP'd the cool things in our lives, and now our country has more and more criminals, like it is a viable career path.

What, if anything, will Oregon DMV do if someone’s credit gets tanked or worse because of this data breach? Will OR-DMV offer to help the person get their credit restored and pay for attorney fees to fight creditors who come after an Oregonian who has been a victim of fraud because of their poor mismanagement of our personal information? I say not likely!

The Oregon Attorney general needs to step down and resign.

Log In

Keep it Clean. Please avoid obscene, vulgar, lewd,racist or sexually-oriented language.PLEASE TURN OFF YOUR CAPS LOCK.Don't Threaten. Threats of harming anotherperson will not be tolerated.Be Truthful. Don't knowingly lie about anyoneor anything.Be Nice. No racism, sexism or any sort of -ismthat is degrading to another person.Be Proactive. Use the 'Report' link oneach comment to let us know of abusive posts.Share with Us. We'd love to hear eyewitnessaccounts, the history behind an article.