On June 15, 2023, the Oregon Department of Transportation (“ODOT”) posted a public notice on its website announcing a massive data breach. Evidently, the ODOT data breach was caused by a vulnerability in the MOVEit file-transfer tool used by ODOT. Based on ODOT’s notice, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, driver’s license numbers, Oregon identification card numbers, and the last four numbers of their Social Security numbers. After confirming that consumer data was leaked, ODOT began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from the Oregon Department of Transportation or Progress Software, the creator of MOVEit, it is essential you understand what is at risk and what you can do about it. The MOVEit data breach has already affected millions of Americans and appears to be one of the largest breaches of 2023. At this early point, there is no telling how many MOVEit data breach victims will fall victim to identity theft and other frauds. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Oregon DOT data breach, please see our recent piece on the topic here.
What We Know So Far About the Oregon DOT Breach
News of the Oregon DOT data breach is still fresh; however, what we know at this point comes from the organization’s June 15, 2023 post entitled “MOVEit Data Breach.” According to this source, On June 1, 2023, ODOT learned of a vulnerability in a third-party software tool called MOVEit. MOVEit is a software tool used to transfer data files.
In response, ODOT secured its systems and then enlisted the help of state cybersecurity professionals to investigate the incident and learn more about what information was leaked. On June 12, 2023, ODOT confirmed that the hackers who carried out the cyberattack on the MOVEit program were able to access ODOT’s data, which included the personal information of approximately 3.5 million Oregon residents.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Oregon DOT began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, driver’s license number, Oregon identification card number, and the last four numbers of your Social Security number.
On June 15, 2023, Oregon DOT posted a public notice to inform anyone affected by the MOVEit data breach of the incident.
More Information About Oregon Department of Transportation
First established in 1913, the Oregon Department of Transportation is a department of the state government of Oregon that is responsible for overseeing transportation. ODOT’s responsibilities include creating and enforcing programs related to highways, roads, bridges, railways, public transportation services, transportation safety programs, driver and vehicle licensing, and motor carrier regulation. Oregon DOT employs more than 4,700 people and generates approximately $2.1 billion in annual revenue.
