Salem + computers = What can go wrong?
Among the many things that Oregon state government does a bad job with, information technology is one of the worst, if not the very worst. Now the Department of Motor Vehicles has been hacked, and the cybercriminals of the world have their hands on highly sensitive information on three and a half million of us. Anybody with a driver's license or state ID card. Name, address, date of birth, height, weight, eye color, whether you wear lenses to see better, and I assume our photos as well. I can't tell from the sketchy news stories so far whether vehicle registration information was also stolen – I assume so – and that will also show what you drive and who you got your car loan from.
Worst of all, the Oregon driver's license application also takes your Social Security number, and so the crooks probably have that, too. And whoa Nellie, that alone is enough to make all of our lives miserable. As a recent victim of one of these "data breaches" in a different context, trust me. When the dark web types start acting up with the data, victims will spend hours trying to keep their lives in order. I recently killed an entire morning on the phone with the IRS just to get them to accept my tax return.
One of things I wonder about is whether the crooks and their shady pals are now able to match vehicles' license plate numbers with their owners. That information is usually difficult (though not impossible) to get. I remember when, years ago, before they restricted it, some guy got all the plate numbers and their owners, for the whole state, through legitimate public records requests, and posted them on the web. The authorities quickly put a stop to that, but the cat may be out of the bag now.
When private businesses let their guard down and get hit like this, most of them offer to buy a year's worth of credit monitoring for all of the victims. So far, I'm not hearing anybody in Salem offering anything of the sort. They're telling us that we now have to keep a sharp eye on our credit reports. But if we want the credit agencies to send us an email when somebody starts taking out loans in our name, apparently we'll have to pay for that ourselves.
That, in legal parlance, is what is known as a crock.
And although they found out about the breach at least several days earlier, the Salem bureaucrats were planning to stall saying anything about it until they could drop a nice Friday news dump. At least the media got wind of it and blew the whistle on a Thursday.
Speaking of the calendar, it's a holiday weekend of sorts, but I'll bet you a few class action plaintiffs' lawyers in Portland are in the office today doing some research into how hard it is to sue a state government for incompetence. The damages fron this one could be enormous.
Here we are, a state that can't stop handing out tax breaks to big tech companies. You would think the politicians and bureacrats would pay some of them some major bucks to get the state's I.T. house in order. You know, actually get some valuable service for our money. But no.
I was the victim of an OR DMV breach circa 1998 when I surrendered my old license at a DMV office in the Portland metro area (in the process of getting a new license) and some criminal in Marion County got a hold of it and used it to cash stolen payroll checks. Turns out that the DMV's practice at the time was to collect all the old licenses in a bag and drive them to Salem to be destroyed except that whoever was supposed to do that would instead drive them to a rest stop on I-5 and sell them to criminals. Apparently it hadn't occurred to the geniuses to hole punch the old licenses first before sending them to Salem or, maybe, doing so would have ruined a good "side hustle"?
ReplyDeleteYou lying scoundrel! There is no corruption in Oregon. Human nature does not apply here.
DeletePeople (bureaucrats) employed in Oregon state operations are the problem, not technology. Technology is just a scapegoat. It often seems that these employees are not screened for competence.
ReplyDeleteOh, they’re screened for competence all right. It happens when IT positions with the state come with salaries absurdly below the market rate for competent IT folks. Somehow the doctors managed to get special salary schedules and they’re paid pretty well when they work for Oregon — but the Lege can’t seem to wrap its mind around the idea that Oregon has to compete for talent with tech firms all around the world and act accordingly.
ReplyDeleteI know state workers take it pretty hard on this blog — sometimes deservedly so — but Oregon went through a very long period of GOP control of the Lege and just flagrant, rampant hatred of state workers was the order of the day (Mark Hemstreet, Bill Sizemore, etc.) and that culture took hold all across Oregon.
The Legislature is often well stocked with absolute rubes who think nothing of teeing off on state workers trying to do some really difficult work while having to navigate randomly shifting priorities and whimsical budget nonsense, like starving programs while the kicker deals out money because a budget guesser’s crystal ball was cloudy.
I’m not arguing that there are no incompetents and scoundrels amongst the bureaucrats, but I’d say that overall Oregon is in a doom loop where we’re getting what we pay for. We can wish for all state workers to be selfless saints but as a strategy it’s not working.
If they actually are screened. Maybe the level of the bar should be examined.
DeleteI think you miss my point. The bar is set low by the state offering below market salaries for IT jobs.
DeleteIt’d be interesting if someone in the media found the committee that set the bar. And asked some questions.
DeleteThe last time the R's had control of the Legislature was 17 years ago; 15 of the past 30 years have had total Democratic control of both the legislature and the governorship in Oregon, yet, your takeaway is this mess is due to GOP attitudes toward state employees? Be at least intellectually honest: The D's have just as much responsbility for the low pay and now we find out they sat on this story for 3 days as well. It's not a good look. .
DeleteHow much money was stolen with fake unemployment claims? That system is just as old and easy to hack. As to giving access of all our motor vehicle and license data to criminals, well we just call that EQUITY baby...
ReplyDeleteAdvice from WA Post tech column Q&A article:
ReplyDeleteQ: There was a recent digital security incident at the brokerage firm we use. They suggested we look into buying identity protection. What should we look for in these services?
A: For folks who aren’t familiar, identity theft protection services say they’ll monitor the web and notify you if your personal information was stolen or used to open a bank account or take out a loan. Sometimes they offer to help reimburse you if you lost money.
I have spoken to consumer finance experts who say these services generally aren’t worth the money.
It stinks, but you should assume that your personal information will be stolen at some point. (Louisiana and Oregon told residents in recent days that details from state motor vehicle records were likely exposed to hackers.)
When it happens to you, your best course of action is free but time consuming: vigilance.
Now that you know information from your brokerage account may have been stolen, be alert for signs that someone is pretending to be you.
If you receive a text about phone service you didn’t order, a bill from an unfamiliar doctor or a notice about an application for government benefits that you didn’t make, alarm bells should go off. Also, change the passwords on your important online accounts.
One thing I’ve personally done after talking to consumer fraud experts: I froze my credit with the three large credit reporting bureaus. This is free by law.
Follow the links to freeze your credit with Equifax, Experian and TransUnion. Or start on AnnualCreditReport.com. (NEVER Google anything related to credit or identity theft.)
If you freeze your credit, no one can check your creditworthiness to apply for a loan or rent a home in your name. This discourages criminals from impersonating you and sticking you with unpaid bills.
It’s inconvenient, though. You’ll probably need to unfreeze your credit before you apply for a credit card or buy a new cellphone plan.