In June 2023, DataBreaches reported that the Oregon Department of Motor Vehicles (DMV) had become a victim of the MOVEit breach by Clop. The DMV reported that 3.5 million drivers may have been affected. At the time, the state issued a statement saying, in part:
We do not have the ability to identify if any specific individual’s data has been breached. Individuals who have an active Oregon ID or driver’s license should assume information related to that ID is part of this breach. We recommend individuals take precautionary measures to protect themselves from misuse of this information, such as accessing and monitoring personal credit reports.
Now the state is being sued. OregonLive reports:
A pair of Oregonians have filed a lawsuit that could force the state to pay up – to the tune of many millions of dollars – for a massive international data breach last year that victimized 3.5 million Oregon residents whose driver license and ID card information was stolen.
The plaintiffs, Caery Evangelist and Brian Els, are seeking class-action status for all affected state residents whose information – including names, addresses, dates of birth, last four digits of Social Security numbers, heights and weights – were hacked in May 2023 by a Russian cybergang, according to the lawsuit filed Friday in Marion County Circuit Court.
Read more at OregonLive.