What can hackers do with stolen DMV information? Cyber security firms break it down

Published 9:36 am Tuesday, June 27, 2023

The data breach at the Oregon Driver and Motor Vehicle Services Division, which left potentially millions of Oregonians with compromised identities, was part of a larger attack on hundreds of governments, universities and corporations, likely led by a Russian ransomware gang.

And cyber security groups are warning Oregonians to be careful.

On June 1, Oregon DMV learned that a popular file transfer software it uses was hacked, and that data records for Oregon driver’s licenses, permits and ID cards were accessed.

Hackers were able to obtain the names of 3.5 million people with Oregon driver’s licenses or ID cards, as well as their home and mailing addresses, their license numbers and the last four digits of their Social Security numbers, according to the DMV.

John Jackson, the owner and CEO of Bytagig, a cyber security company in Milwaukie, said the security breach is “huge.”

“This breach is one of the biggest in Oregon and affects not only Oregonians, but also has similarities with breaches on the federal level and in other states,” Jackson told Pamplin Media. “It exposes personal information linked to driver’s licenses, posing risks of identity theft and financial fraud.”

The nightmare scenario for Oregonians is identity theft, Jackson said. Crooks who buy the data may be able to open new credit cards or apply for loans and bank accounts. If they can impersonate you by answering security questions, they are in.

“Hackers can gain access to existing accounts, including bank and non-financial accounts,” Jackson said. “This can result in a complete takeover of someone’s life, including internet and cellular services.”

Credit card breaches are easy to stop, as they can be shut down quickly with no liability for the owner, but when bank accounts are compromised, Jackson said, things get more challenging.

“Hackers can reset bank passwords and perform unauthorized transactions,” he said. “Monitoring credit reports and regularly checking bank accounts for suspicious activity is crucial.”

The U.S. Cybersecurity and Infrastructure Security Agency has attributed the attack to a Russian-linked ransomware gang known as Clop, which took advantage of a flaw in MOVEit, a popular file transfer tool used to move large files between servers.

The hack didn’t just hit Oregon DMV. The number of state and federal agencies impacted by the breach is not known, but several hundred local and federal governments, universities and corporations are believed to have been accessed, including the U.S. Department of Energy, Johns Hopkins University, British oil and gas giant Shell and others, including the governments of Missouri, Illinois and Nova Scotia, in Canada.

CISA officials have described the breach as “opportunistic.” Hackers took advantage of a vulnerability in the software that had not been previously discovered.

“The vulnerability exploited in this attack was a zero-day flaw, meaning the hackers started exploiting it on the same day it was discovered,” Jackson said.

Clop has stated that it automatically deleted data stolen from government agencies, but state authorities and local cyber security firms are warning Oregonians to be careful.

Unfortunately, there isn’t much people can do to protect the identities of Oregonians now that the information has been compromised. Scott Carr, a senior network architect with Farmhouse Networking, a cyber security firm based in Grants Pass, said Oregonians should freeze their credit and take action to reverse the damage if they see suspicious activity on their credit reports.

Jackson said all Oregonians can do is monitor bank and other online accounts for suspicious activity.

“Organizations need to remain vigilant and address zero-day vulnerabilities promptly,” Jackson said. “Regularly updating devices, implementing patches, and staying informed about software system vulnerabilities are crucial to maintaining security.”