Oregonians File Data Theft Lawsuit Seeking Justice for Millions

Two residents of Oregon, Caery Evangelist and Brian Els, have taken a bold step towards seeking justice by filing a lawsuit that targets the heart of a massive data breach incident. This cyberattack, traced back to a Russian cybergang in May 2023, compromised the personal information of approximately 3.5 million Oregonians. The victims of this breach lost sensitive details tied to their driver's licenses and ID cards, covering data points such as names, addresses, birth dates, and even parts of their Social Security numbers.

The Scale of the Breach

The lawsuit, initiated in Marion County Circuit Court, spotlights the breadth of this breach within Oregon and its global context. It was part of a larger scheme that impacted roughly 2,770 entities worldwide, totaling more than 90 million individuals affected. The entities ranged from educational institutions like New York City schools to international organizations, including British Airways and the BBC.

Demands for Compensation and Protection

While the plaintiffs have not specified a dollar amount for individual reparations, they have created a baseline demand starting at $10 million without setting a maximum limit. Beyond financial compensation, the lawsuit seeks to secure identity theft insurance and lifetime credit monitoring for all affected by the breach. This move underscores the lingering risk of identity theft and fraud that victims might face indefinitely.

The Toll of Data Theft

Evangelist and Els, representing a broader class of victims, testify to the significant personal toll taken by the breach. They recount hours spent monitoring credit reports, researching credit protection services, and, in Evangelist's case, incurring out-of-pocket expenses for credit monitoring services. The lawsuit decries the breach as a "gold mine for data thieves," cautioning that such stolen information could enable a range of crimes, from financial fraud to identity theft.

ALSO READ: EEOC Releases Update on Workplace Policy Safeguarding Pronoun Use, Bathroom Access, and Abortion Rights

State's Responsibility Questioned

A focal point of the legal action is the alleged failure of the Oregon Department of Transportation (ODOT) and the Oregon Driver & Motor Vehicle Services to prevent the breach. According to the lawsuit, a flaw in the "MOVEit" software, provided by Progress Software Corporation, served as the entry point for the cyberattack. The lawsuit criticizes the state for not sufficiently safeguarding Oregonians from this vulnerability. Following the cyberattack, state officials urged all individuals with an active Oregon driver's license or ID card as of the breach date to assume their information was compromised. However, they admit they cannot confirm if the stolen data has been misused.

Legal Endeavor for Reformation

The lawsuit, filed by Lake Oswego attorneys Paul Barton and Alex Graven, marks a significant effort to address the immediate consequences of the data breach and its systemic roots. It challenges state organizations to reassess and fortify their cybersecurity measures, ensuring a breach of this magnitude does not recur. As this legal battle unfolds, it promises to set precedents in protecting sensitive information and how victims of such data thefts are compensated and supported in the aftermath.

RELATED TOPIC: Parking Violations: DOJ Warns NYPD of Potential Lawsuit Over Obstruction of Sidewalks, Crosswalks