The recent cyberattack on the Oregon Department of Motor Vehicles and other agencies is a good reminder of the importance of monitoring your credit report.
Checking your report is more than knowing your credit standing, it can show any recent purchase activity made with your credit. Noticing unauthorized activity and acting quickly can make it easier to recover if you are ever a victim of identity fraud.
How to access your credit report
You can get your credit report from several sources or buy it from one of the three major credit reporting agencies. You can also take advantage of Mid Oregon’s free, secure option Credit Savvy in Digital Banking. When you enroll, you will receive anytime, anywhere access to your credit score, as well as key information from your credit report. You can also sign up for emails to alert you to changes to your credit report.
In the age of increased identity fraud, there’s never been a more crucial time to pay attention to your credit report.
More about the Oregon DMV breach
Stickley on Security. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), several U.S. federal government agencies, including the Oregon DMV, have fallen victim to a global cyberattack involving MOVEit software.
MOVEit is a file-transfer software developed by Progress Software Corporation. It is widely used by organizations for secure and managed file transfers. It provides a reliable and controlled method of transferring files both within an organization and between different entities. It offers encryption and advanced security features to protect files in transit. Recently, a zero-day vulnerability against MOVEit file transfer software was discovered. Government agencies were ordered to immediately apply the patch released by the developer.
It remains uncertain whether the hackers responsible for breaching these federal agencies are affiliated with the Russian-speaking ransomware group known as Clop, which has claimed responsibility for numerous other victims in their hacking campaigns. Notably, this includes a recent attack against a third-party agency providing human resources services to the British Broadcasting Corporation (BBC) and British Airways.
While several agencies, such as the Transportation Security Administration (TSA) and the State Department, denied being victims of this particular attack, the incident contributes to an increasing number of victims affected by an extensive hacking campaign initiated recently. Other targets have included major U.S. universities, including the University of Georgia system, as well as various state governments.
As with all ransomware attacks, the attackers set a deadline for victims to contact them regarding ransom payment at less than a week from the date of the attack. Per the usual tactics, after the deadline for the payment expires, they claim they will disclose additional alleged victims on their dark web extortion site. And as usual, anyone who receives a ransomware note should not pay the ransom. Criminals in general are not known to stand by their word and it’s likely they will disclose the information whether they get payment or not.
In addition, make regular backups of any important data that may be vulnerable and keep those copies out of reach, meaning off the network. Test them once in a while too, to make sure they are ready to go in case you need them. You’ll be happy if you do.
This latest hacking campaign underscores the widespread impact that a single software vulnerability can have when exploited by skilled criminals. It is crucial to update any outdated software versions on systems and devices. For products that are no longer supported, such as Microsoft Internet Explorer, users should transition to a supported version. Once developers end support for a product, they no longer create patches to address such vulnerabilities.