The recent data breach at the Oregon Department of Motor Vehicles likely exposed the personal data of over 3 million Oregonians and is thought to have involved virtually every driver’s license in the state. This cyberattack is the most recent in a long line of incidents where criminals have stolen large batches of sensitive data with an eye toward identity theft and financial fraud.

At this point, everyone should accept that their name, address, and Social Security number are probably already in the hands of bad actors. There have been so many hacks at such a variety of institutions that we should all assume this is a “when” not an “if” problem. (Note: the Oregon DMV has indicated that full Social Security numbers were not part of the data that was stolen, only the last four digits).

Here are several important steps you can take to protect yourself from the impact of this and other similar attacks:

1. Review your credit report for fraudulent activity at www.annualcreditreport.com.
2. Freeze your credit with the three major agencies. It’s free and quick to do:
   1. Equifax: www.equifax.com/personal/credit-report-services
   2. Experian: www.experian.com/help
   3. TransUnion: www.transunion.com/credit-help
3. Be diligent with your email: email is the key to the castle for many cyber criminals because they are lazy and they know many emails users are lazy too. Be careful not to open links from senders you do not recognize. Never email your Social Security number, credit card information, or any other sensitive data, no matter who appears to have requested it. If you receive a request for personal data from a company with whom you have a relationship, then pick up the phone and call the company rather than replying to that email.
4. Be careful when shopping online. A few high-level items to keep in mind:
   1. If it is too good to be true, it probably is. This ought to be at the top of your mind when shopping anywhere, internet or otherwise.
   2. Be wary of sites not using “.com” or “.net.” The FBI released a list of the most commonly fraudulent top-level domains and highlighted “.club,” “.top,” “.live,” “.buzz,” “.fit,” “.co,” and “.wang.” If you are shopping on a site that ends in these letters, be careful. If you are shopping on a major U.S. retailer’s site and see these letters at the end, then you are probably viewing a fraudulent version of that retailer’s site.
   3. If a seller looks questionable, go to www.whois.com and search for information on who runs the site and how long they have been running it. If the site is brand new, this ought to be a red flag.
   4. Most retailers have a brick and mortar location listed on their website, together with a phone number and/or email address. Calling or emailing the contact information is a good way to get a sense for whether a site is legitimate.

Protecting your identity from fraud is an ongoing process that requires diligence and occasional action. I hope the steps outlined above help you protect your data. Please reach out to our team if you would like to talk about the different ways we look to protect and grow our clients’ wealth.