In the wake of two major data breaches in Oregon that exposed consumers’ personal information, ACA members should understand current risks and take steps to safeguard sensitive information.
09/05/2023 3:45 P.M.
3 minute read
In an age where our personal information is increasingly vulnerable to cyberattacks, two recent data breaches in Oregon serve as stark reminders of the importance of protecting our identities.
First, the Oregon Department of Transportation (ODOT) announced that hackers had gained unauthorized access to the personal data of Oregon driver’s license, permit and ID holders.
The breach was discovered on June 1 when ODOT was alerted by the Cybersecurity and Infrastructure Security Agency (CISA) that hackers had exploited a vulnerability in the agency’s file transfer system. Notably, this discovery occurred just a day after the software company involved had identified the problem. By June 12, ODOT realized that personal identifying information from DMV files had been compromised, prompting them to issue a public warning three days later.
While personal DMV data was indeed compromised in this breach, a substantial portion of the accessed information pertained to ODOT’s internal operations. Michelle Godfrey, an ODOT spokesperson, noted that it might take weeks to fully comprehend the scale of the breach.
Then, in August, the Oregon Health Authority announced that hackers gained access to the personal information of 1.7 million current and former Medicaid members in Oregon.
The breach occurred on May 30 and was discovered on June 16. According to the Oregon Capital Chronicle, hackers exploited a vulnerability in a file transfer program to obtain the personal and medical information of members of the Oregon Health Plan, the state’s Medicaid system.
The compromised information could include name, date of birth, Social Security number, address, member ID number, plan ID number, email address, authorization information, diagnosis code, procedure code, and claim information.
The Value of Your Data
The black market for stolen information is thriving. Criminals are looking to exploit your data for various fraudulent purposes, from applying for government benefits to opening unauthorized bank accounts. According to James E. Lee, the COO of the Identity Theft Resource Center, these cybercriminals prefer low-effort, high-volume schemes.
“They don’t want to do anything that’s difficult,” Lee said. “They’re all about volume and automation.”
The good news is that you can take proactive measures to safeguard your identity. Start by checking your credit report, which can be done easily and for free. Ensure that there are no unfamiliar or suspicious entries. Additionally, freezing your credit can thwart thieves from using your information immediately. This process can be completed online and takes effect instantly.
Moreover, during these times of heightened cyber threats, you can now check your credit report once a week for the rest of the year. This frequent monitoring helps you stay ahead of potentially fraudulent activities.
What’s Next?
Previous data breaches in Oregon, such as those affecting EyeMed and Legacy Health systems, have shown how hackers can cross-reference and exploit multiple datasets. While not everyone exposed in this breach will necessarily encounter problems, the risk is real for those who do.
The Oregon Department of Justice has further tips and resources for those affected.
For accounts receivable management agencies, these breaches serve as a reminder that data security should be a top priority.
The Federal Trade Commission’s Safeguards Rule introduces core data security principles that covered companies must implement. Compliance with the rule was required starting June 9, 2023. To pass the FTC audits, you’ll need to be defensible and provide a strong case that your information security program is secure and running smoothly. To learn more, visit ACA International’s Safeguards Rule Resource Center
Remember, subscribe to ACA Daily and Member Alerts under your My ACA profile when logged in to acainternational.org to receive updates on the ACA Huddle.