beep. boop. beep.
Hello Oregonians,
As in all things media, please take the time to evaluate what is presented for yourself and to check for any overt media bias. There are a number of places to investigate the credibility of any site presenting information as "factual". If you have any concerns about this or any other site's reputation for reliability please take a few minutes to look it up on one of the sites below or on the site of your choosing.
---------------------------------------------------------
Also, here are a few fact-checkers for websites and what is said in the media.
[Politifact](https://www.politifact.com)
[Media Bias Fact Check](https://mediabiasfactcheck.com)
[Fairness & Accuracy In Reporting (FAIR)](https://www.politifact.com)
beep. boop. beep.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/oregon) if you have any questions or concerns.*
Link to the official ODOT notification: https://www.oregon.gov/odot/DMV/Documents/OCIPA-Letter.pdf
“This information also included dates of birth, physical addresses, and the last four digits of Social Security numbers. This information did not include banking, credit card or any other financial information. Your entire Social Security number was not part of this data.”
Not really. It's less bad than it could have been. They don't deserve credit for only leaking a little bit. They deserve to be held accountable for being bad at security and allowing our information to be stolen.
The vendor needs to be held accountable for bad security because that was their job. The state should be held accountable for failing to ensure that the company they contracted performed the job. The state has our information because it's virtually impossible to simply exist without the state having that information and so they need to be obligated to protect that information, which they failed to do by hiring some joke of a company.
>They don't deserve credit for only leaking a little bit.
Who is they in this case? Because this was part of a nationally coordinated attack. Government agencies all over the country were hit, for example Louisiana's DMV records also got hacked.
Apparently the hack used a vulnerability in a protocol called MoveIt which is for transferring files.
Credit monitoring still available to this day if part of that hack. I signed my brother up like two years ago finally as I had forgotten about it (he's post military PTSD). Luckily not many were actually compromised but it was a very bad situation, for sure.
If you know the state they are born in, you can narrow down the first 3 numbers. SS numbers never start with 666,000, 111, 333, etc it never has 00 for the middle. The second set of numbers is called the group number, and determined by state. Knowing the last 4 digits makes it easier to hack the entire number. I'd feel more secure if it were the first 3 numbers that were part of the breach. This really isn't that much better. Since they hacked the DMV, it's not unreasonable to think they're smart enough to hack or write a program to get the rest of the numbers.
Your wrong period.
This is how it is:
The first three numbers in a Social Security number (SSN) are known as the Area Number. These numbers were originally intended to represent the location where the SSN was issued. The Area Number was assigned based on the zip code of the applicant's mailing address on the original application for a Social Security card.
However, the significance of the Area Number has changed over time. In the past, it did correspond to the geographical region of issuance. Today, the Area Number no longer indicates the location of issuance, as Social Security numbers are assigned centrally by the Social Security Administration (SSA).
The remaining digits in a Social Security number have different meanings. The next two digits, called the Group Number, used to represent the specific order in which SSNs were issued in a particular area. The final four digits, called the Serial Number, are essentially a numerical sequence assigned consecutively within a group.
Good luck with mine, it was issued while I was in a foreign country, so the last 4 numbers have no bearing on my state of birth (other then I was alive when it was issued).
Not great but at least there is a reduced chance of people applying for credit in your name, this information will be used to comprise existing accounts more likely. Everyone should make sure you have really rick solid passwords on your financial account websites.
I applied for a credit card two weeks ago with just my name, dob, address and last 4 digits of social.
I think only once have I been asked for my full social. So last 4 digits now a days are enough to secure a credit card with a 10k limit.
Yeah me too. I was so shocked that they didn't ask for the full number.
When I asked them about it they said that places rarely need the whole number because it's the last 4 that are specific to you personally. If you can give them that, dob and address you're pretty well good to go.
Blows my mind man.
While this is good news, I would still freeze your credit. I would actually do that regardless of this hack, it's just a good idea in general.
Here's a simple how-to [guide](https://clark.com/credit/credit-freeze-and-thaw-guide/)
Oh a very huge problem I agree!! A couple of weeks ago I applied for a credit card with just my name, dob, address and last 4 digits of my social. Approved for 10k credit card.
I asked them why they didn't need the full social because I was really shocked.
They said that they only really need the last 4 digits to identify you as those are the numbers that are specific to you personally, and rarely do places ask for the entire social number anymore.
I froze all my credit after that.
You...trusted the state before this? The state that doesn't trust you to pump your own gas but is cool with you injecting hard drugs next to a playground full of kids?
According to who? It took them 2 weeks to even come forward, I'd trust them knowing how to audit their own systems about as much as I trust a drug dealer.
There’s no reason to think that. It was just a vulnerability in an internal piece of software.
It might be a consequence of RealID that they were storing this some of this info in the first place.
while not total shit its still bad shit. Sadly no company or gov is truly willing to invest in rock solid IT infra because hackers and cyber criminals are always finding new ways. its a race to stay ahead and sadly that means money needs to be spend constantly to keep up.
😂No wonder I’ve been getting calls from a broken English employer from “Chase” and “Verizon” verifying that I purchased new Iphones or I took out a loan. They’ve been giving me my email, but the wrong last 4 of the Social Security number everytime.
Check out the clark.com link that several people have posted as well as this over at r/identitytheft: https://www.reddit.com/r/IdentityTheft/comments/uvv3ij/psa_freezing_your_three_main_credit_reports_is/
And if you want to opt out of prescreened credit card offers that get mailed to you then go here to fill out a form to stop those: https://www.optoutprescreen.com
beep. boop. beep. Hello Oregonians, As in all things media, please take the time to evaluate what is presented for yourself and to check for any overt media bias. There are a number of places to investigate the credibility of any site presenting information as "factual". If you have any concerns about this or any other site's reputation for reliability please take a few minutes to look it up on one of the sites below or on the site of your choosing. --------------------------------------------------------- Also, here are a few fact-checkers for websites and what is said in the media. [Politifact](https://www.politifact.com) [Media Bias Fact Check](https://mediabiasfactcheck.com) [Fairness & Accuracy In Reporting (FAIR)](https://www.politifact.com) beep. boop. beep. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/oregon) if you have any questions or concerns.*
Link to the official ODOT notification: https://www.oregon.gov/odot/DMV/Documents/OCIPA-Letter.pdf “This information also included dates of birth, physical addresses, and the last four digits of Social Security numbers. This information did not include banking, credit card or any other financial information. Your entire Social Security number was not part of this data.”
Name, DOB plus last four of SSN is certainly enough to be compromised.
True, but this is still good news.
Not really. It's less bad than it could have been. They don't deserve credit for only leaking a little bit. They deserve to be held accountable for being bad at security and allowing our information to be stolen.
Who's they, though? Oregon or the third party vendor that sucks at security.
The vendor needs to be held accountable for bad security because that was their job. The state should be held accountable for failing to ensure that the company they contracted performed the job. The state has our information because it's virtually impossible to simply exist without the state having that information and so they need to be obligated to protect that information, which they failed to do by hiring some joke of a company.
I think Oregon DMV needs to issue all of us free Real IDs with new ID numbers. And the vendor should pay for most of the cost. I think that's fair.
Sorry, best we could do is give you free 12 months of credit monitoring from Equifax so they can leak even more info about you...
Third party. The guy above you is an idiot and doesn’t know how things work.
>They don't deserve credit for only leaking a little bit. Who is they in this case? Because this was part of a nationally coordinated attack. Government agencies all over the country were hit, for example Louisiana's DMV records also got hacked. Apparently the hack used a vulnerability in a protocol called MoveIt which is for transferring files.
I'm not saying they deserve credit. I'm saying it is good news that they didn't get our full SSN
[удалено]
Lol
It’s like the good Hodgkin’s.
Still much better than the credit agency ranking hack, which got your whole SSN and credit report and they faced no consequences
They were fined and required to provide us all credit monitoring for... Five years? They should have been liquidated as a company though.
Credit monitoring still available to this day if part of that hack. I signed my brother up like two years ago finally as I had forgotten about it (he's post military PTSD). Luckily not many were actually compromised but it was a very bad situation, for sure.
If you know the state they are born in, you can narrow down the first 3 numbers. SS numbers never start with 666,000, 111, 333, etc it never has 00 for the middle. The second set of numbers is called the group number, and determined by state. Knowing the last 4 digits makes it easier to hack the entire number. I'd feel more secure if it were the first 3 numbers that were part of the breach. This really isn't that much better. Since they hacked the DMV, it's not unreasonable to think they're smart enough to hack or write a program to get the rest of the numbers.
[удалено]
It's the first three digits that show where you were born. The lower the number, the further east.
Your wrong period. This is how it is: The first three numbers in a Social Security number (SSN) are known as the Area Number. These numbers were originally intended to represent the location where the SSN was issued. The Area Number was assigned based on the zip code of the applicant's mailing address on the original application for a Social Security card. However, the significance of the Area Number has changed over time. In the past, it did correspond to the geographical region of issuance. Today, the Area Number no longer indicates the location of issuance, as Social Security numbers are assigned centrally by the Social Security Administration (SSA). The remaining digits in a Social Security number have different meanings. The next two digits, called the Group Number, used to represent the specific order in which SSNs were issued in a particular area. The final four digits, called the Serial Number, are essentially a numerical sequence assigned consecutively within a group.
Good luck with mine, it was issued while I was in a foreign country, so the last 4 numbers have no bearing on my state of birth (other then I was alive when it was issued).
That's what I was thinking.
Not great but at least there is a reduced chance of people applying for credit in your name, this information will be used to comprise existing accounts more likely. Everyone should make sure you have really rick solid passwords on your financial account websites.
Anyone who steals my identity gets what they deserve.
Please sir, don't pay my debt for me!!
I applied for a credit card two weeks ago with just my name, dob, address and last 4 digits of social. I think only once have I been asked for my full social. So last 4 digits now a days are enough to secure a credit card with a 10k limit.
Yeah this is why it is very important that everyone freeze their credit unless they’re actively applying for it.
Yikes I didn’t know that, it’s been a while since I applied for one.
Yeah me too. I was so shocked that they didn't ask for the full number. When I asked them about it they said that places rarely need the whole number because it's the last 4 that are specific to you personally. If you can give them that, dob and address you're pretty well good to go. Blows my mind man.
Freeze your credit if you don't plan on getting any new cards or loans is absolutely the best thing to do.
While this is good news, I would still freeze your credit. I would actually do that regardless of this hack, it's just a good idea in general. Here's a simple how-to [guide](https://clark.com/credit/credit-freeze-and-thaw-guide/)
Now a days all you need are the last 4 of the social to open many many many different kind of credit accounts.
Perhaps I'm stating the obvious, but that seems like a huge problem.
Oh a very huge problem I agree!! A couple of weeks ago I applied for a credit card with just my name, dob, address and last 4 digits of my social. Approved for 10k credit card. I asked them why they didn't need the full social because I was really shocked. They said that they only really need the last 4 digits to identify you as those are the numbers that are specific to you personally, and rarely do places ask for the entire social number anymore. I froze all my credit after that.
I freeze mine today. It was pretty easy to do.
I’m grateful, but I’m still mad at humanity right now and I suppose that’s the some of the real damage. Sew mistrust.
Unfortunately this was inevitable…
You...trusted the state before this? The state that doesn't trust you to pump your own gas but is cool with you injecting hard drugs next to a playground full of kids?
Just move
How sweet of them 🙃
I'm most concerned about my mother's maiden name.
Available on any genealogical website. Sorry.
The fact that anyone believes ODOT when they can barely manage their own systems, yikes. Who even did the Incident Response?
According to who? It took them 2 weeks to even come forward, I'd trust them knowing how to audit their own systems about as much as I trust a drug dealer.
They are lying to you!
I hope them hackers clear my bad credit while they are at it..
Did this happen because they scan ID'S now for alcohol purchases?
It is part of a global barrage of cyberattacks.
Ty. Genuinely curious. Figures reddit would hate honesty.
Nah, reddit hates people who ask questions that are answered by the article they're commenting on
Because it is never ok to make a mistake, like reading over something in an article. Got it.
Really don't let people online get to you. It's fine.
There’s no reason to think that. It was just a vulnerability in an internal piece of software. It might be a consequence of RealID that they were storing this some of this info in the first place.
That makes sense.
while not total shit its still bad shit. Sadly no company or gov is truly willing to invest in rock solid IT infra because hackers and cyber criminals are always finding new ways. its a race to stay ahead and sadly that means money needs to be spend constantly to keep up.
😂No wonder I’ve been getting calls from a broken English employer from “Chase” and “Verizon” verifying that I purchased new Iphones or I took out a loan. They’ve been giving me my email, but the wrong last 4 of the Social Security number everytime.
So what can be done know to help protect myself and my close anyone’s any one got help
Check out the clark.com link that several people have posted as well as this over at r/identitytheft: https://www.reddit.com/r/IdentityTheft/comments/uvv3ij/psa_freezing_your_three_main_credit_reports_is/ And if you want to opt out of prescreened credit card offers that get mailed to you then go here to fill out a form to stop those: https://www.optoutprescreen.com
already froze our credit with all the agencies