While the ransomware attack on the Oregon Department of Environmental Equality (DQE) is making headlines this month, there was also an update to a lawsuit stemming from the MOVEit breach in 2023 that affected 3.5 million Oregonians whose driver’s license and identity information was held by the Oregon Driver and Motor Vehicle Services. Aimee Green reports:
An Oregon judge last week threw out a lawsuit that sought to recover damages for as many as 3.5 million Oregonians whose driver license or ID card information was stolen in a massive international data breach in 2023.
Marion County Circuit Judge James Edmonds dismissed the case with prejudice — meaning it can’t be refiled — after the state of Oregon argued that plaintiffs’ lawyers couldn’t directly link the theft of personal information to any Oregonian suffering financial losses. Although the plaintiffs’ lawyers pointed to one case where someone tried to open a Chase Visa card account, the bank caught the fraudulent application and shut it down before any damage was done, lawyers for the state successfully contended.
The plaintiffs, Caery Evangelist, Brian Els and Bradley Larios, sought class-action status for all affected state residents whose information – including names, addresses, dates of birth, last four digits of Social Security numbers, heights and weights – were hacked in May 2023 by a Russian cybergang, according to the lawsuit.