PORTLAND, Ore. — The data breach reported by the Oregon Department of Transportation this week potentially impacts 3.5 million Oregonians. Anyone with an active driver's license or state ID should assume that their personal information could be compromised, ODOT officials said Thursday.
It's an uncomfortable but increasingly common situation for individual consumers in an era of frequent cyberattacks and data breaches, but there are steps you can take to protect yourself if you're concerned that your information is out in the wild.
One of the biggest risks following a data breach is that malicious actors could use your stolen personal information to impersonate you and commit financial fraud by opening a loan or line of credit in your name, potentially damaging your credit score or leaving you stuck with the bill for fraudulent charges. It should be noted, your credit score won't be affected solely by having your data compromised in a breach.
The best way to stay on top of these kinds of attacks is to keep a close eye on your credit, and ODOT offered advice this week about some steps Oregonians can take to protect themselves.
These precautions aren't limited to the Oregon DMV hack; they're good tips for anyone to remember following a data breach, and you may have already done some of them after the 2017 Equifax breach, which put 143 million people's personal data at risk.
Check your credit report
ODOT suggested that Oregonians start by asking for credit reports. Federal law entitles you to receive a free copy of your own credit report at least once every 12 months from each of the three big consumer credit reporting agencies: Equifax, TransUnion and Experian.
A credit report can provide information about people or groups who have received a person's credit history. Reports can be requested at annualcreditreport.com or by calling 1-877-322-8228, ODOT said.
When the report arrives, check for any unrecognized transactions or accounts, and report anything suspicious by calling the number listed on the report or visiting the Federal Trade Commissions identity theft website at consumer.gov/idtheft, ODOT said.
Enable fraud alerts
Some companies have offered free credit monitoring to affected customers following data breaches, although ODOT didn't mention that possibility in this case. But there's a general-purpose option available to anyone: fraud alerts.
You can request fraud alerts on your credit report from any of the three big credit reporting agencies, according to the Federal Trade Commission, which will make it so businesses have to verify your identity before issuing credit in your name, making it harder for scammers to impersonate you.
Fraud alerts generally come with a free copy of your credit report when they're put in place. The alerts only last for one year, but they're free to implement and can be renewed.
There's also an option for an extended fraud alert, which lasts for seven years and allows you to receive more frequent copies of your credit report. However, it's only available if you've had your identity stolen and reported it to the FTC or police, rather than simply being concerned about the possibility.
Freeze your credit
You can also ask each of the three credit monitoring agencies to freeze your credit reports, restricting access to only a limited number of entities and preventing any new credit accounts from being opened in your name.
You can undo the freeze later if you need to apply for a new loan or line of credit, and there are often options for a temporary unfreezing or to leave the freeze in place but make an exception for the specific institution where you're trying to open the new account.
Simpler transactions such as job applications, apartment rental agreements or insurance purchases can still be conducted even with the freeze in place, according to the FTC.
Freezes are open-ended, so if you already froze your credit after a prior data breach, it should still be frozen today. If you haven't already done it, a freeze can be requested using the following numbers or websites, ODOT said:
- Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
- Experian: experian.com/help or 1-888-397-3742
- TransUnion: transunion.com/credit-help or 1-888-909-8872
Other protection tips
ODOT only recommended checking credit reports and freezing credit in this case, but it's worth noting that the type of personal information stolen can vary between different data breaches at different companies, so there may be additional precautions worth exploring after other cyberattack incidents.
Some breaches, such as Equifax in 2017 and Burgerville in 2018, resulted in customers' credit card information being stolen. In those cases, the companies recommended that customers keep a close eye on their credit card statements and immediately report any suspicious or unauthorized charges.
Even a small transaction is cause for concern if you don't recognize it; after the Equifax hack, experts cautioned that identity thieves will often start with small charges to see if they can get away with it, then move up to bigger purchases if the card keeps working.
Experts also recommended that people file their income taxes as early as possible in the year following the Equifax breach, in case scammers tried to use stolen personal information to file false tax returns first and pocket the refunds.
Finally, data breaches can sometimes put you at risk of having your online accounts hacked, either because the breach includes passwords or because bad actors may be able to use stolen personal information to learn the correct answers to your account's security questions.
The best way to protect against either of these scenarios is to always use two-factor authentication wherever it's available, creating another layer of security that might stop a scammer who already knows your username and password.