The Oregon Department of Motor Vehicles announced that they were the victims of a data breach that is estimated to compromise 3.5 million driver’s licenses and ID cards. This data breach happened about two weeks ago, and they have since been scrambling around to try and resolve this issue and prevent as much widespread damage as possible. However, while they did find out about the breach not long after it happened, they did not realize until last Monday the breadth it had in the state. According to the DMV spokesperson, Michelle Godfrey, last Monday was when they became aware that the hacking caused nearly 90% of the state’s license and ID card files to be compromised.
Two hours after the DMV became aware of the hacking, all DMV accounts were put on lockdown.
Originally the state agency was going to wait until Friday to make a public statement regarding the matter, but ultimately did the day before. They felt the need to as many had already reached out to them for comment due to news leaking of a possible breach. In their statement, Michelle Godfrey advised Oregonians to keep tabs on their credit reports and be aware of any suspicious activity that may be fraudulent.
The entire process for the DMV to realize how much of their data was compromised took several days of investigation and analysis.
The agency was one of many affected by a far larger hacking scheme. Numerous major databases were hacked when the software MOVEit Transfer was hacked, affecting organizations across the globe.
Behind the scenes before the announcement of the data breach, the DMV was working to ensure that had proper care and protocol in effect. They did not want to give any power to the hackers by publicizing the information of the hacking without having all of the information they needed together and knowing how to do damage control after.
After all of their analysis and investigation, they did come to the unfortunate conclusion that millions of Oregonians with driver’s licenses and ID cards had their sensitive personal information compromised in the breach. The agency included in its statement that it is highly likely that if someone in the state of Oregon had a driver’s license or ID card that any information associated with it was compromised. They have stated they are unable to pinpoint specific individuals who have been compromised, which is why they are advising anyone with a license or ID card in their systems to be aware of the situation and keep tabs on their credit reports.