PORTLAND, Ore. — The Oregon Department of Transportation announced Thursday that it was recently hit by a cyberattack, potentially compromising the personal information of 3.5 million Oregonians.
The stolen information was connected to driver's license and state ID card records, prompting one viewer to ask KGW if they should cancel an upcoming license renewal appointment at an Oregon DMV office.
It's a reasonable question; other recent cyberattacks have crippled corporate computer systems and operations, and federal officials have described the criminal group behind the ODOT breach as a ransomware gang.
ODOT's Thursday announcement didn't say anything about ongoing impacts to DMV operations, so KGW reached out for a direct confirmation.
THE QUESTION
Are Oregon DMV offices still operating after the data breach?
THE SOURCES
THE ANSWER
Yes, all Oregon DMV offices are open and operating normally. Anyone intending to visit a DMV office or conduct an online DMV transaction can proceed as planned.
WHAT WE FOUND
ODOT is among a growing group of companies and agencies worldwide that have all been hit by a series of related data breaches, the full scope of which didn't start to become clear until this week.
The breaches all stem from a vulnerability in a third-party software tool called MOVEit Transfer that was used by all of the affected organizations to move sensitive files between businesses and customers.
The U.S. Cybersecurity & Infrastructure Security Agency issued a warning on June 1 that the makers of MOVEit had discovered a vulnerability in their software that could allow attackers to take over systems.
ODOT said Thursday that it took immediate action to secure its systems after the CISA notice and is confident that they are working safely. When asked on Friday, DMV public information officer Michelle Godfrey added that ODOT patched its systems immediately after learning of the breach.
DMV offices and transactions are performing as usual, she said, and new transactions will not be affected. In other words, someone who goes to an Oregon DMV office for a new driver's license today is not at risk of having their personal data stolen through the MOVEit hack.
It's unclear whether operations and systems were directly affected at any of the impacted companies; so far, the damage appears to have been limited simply to stolen information.
In a follow-up notice on June 7, CISA said a "ransomware group" known as CL0P began exploiting the MOVEit vulnerability in May, using it to inject malware that could steal data from MOVEit users.
The term "ransomware" usually refers to malicious software that gains access to a victim's computer system and then encrypts the data so the users can't access it, typically offering the victim a purported decryption key in exchange for a ransom payment.
The extortion scheme in this case appears to be different; CL0P has threatened to dump the stolen data online unless the victims pay a ransom, according to the Associated Press, but news coverage hasn't mentioned any of the victims' systems getting encrypted.