SALEM — A data breach at the Oregon Department of Transportation includes personal information for approximately 3.5 million holders of Oregon ID or driver’s licenses.

ODOT announced the data breach Thursday, June 15, in a press release. The state transportation department reported it is among many organizations that were part of a global hack of the data transfer software MOVEit Transfer.

Since 2015, ODOT has used MOVEit Transfer, a popular file sharing tool created and supported by Progress Software Corp that allows organizations to securely transfer files and data between business partners and customers. On June 1, the Cybersecurity and Infrastructure Security Agency issued a zero-day vulnerability alert stating that PSC had released a security advisory for MOVEit Transfer, and the software had a vulnerability that could allow an attacker to “take over an affected system.”

“We moved immediately to secure our systems and are confident that they are working safely,” according to a press release Thursday, June 15, from ODOT. “ODOT worked closely with state cyber security services and engaged a third-party security specialist for analysis. Our analysis identified multiple files shared via MOVEit Transfer that were accessed by unauthorized actors before we received the security alert.”

ODOT on June 12 confirmed the accessed data contained personal information for approximately 3.5 million Oregonians. While much of this information is available broadly, some of it is sensitive personal information.

“We do not have the ability to identify if any specific individual’s data has been breached,” according to the press release. “Individuals who have an active Oregon ID or driver’s license should assume information related to that ID is part of this breach. We recommend individuals take precautionary measures to protect themselves from misuse of this information, such as accessing and monitoring personal credit reports.”

If you think you may have been affected, here’s what you should do now:

Under federal law, you have the right to receive, at your request, a free copy of your credit report every 12 months from each of the three consumer credit reporting companies. A credit report can provide information about those who have received your credit history. You may request a free credit report online at www.annualcreditreport.com or by telephone at 877-322-8228.

When you receive your credit reports, check for any transactions or accounts that you do not recognize. If you see anything you do not understand, call the telephone number listed on the credit report or visit the Federal Trade Commission’s Web site on identity theft at www.consumer.gov/idtheft. Additionally, you may wish to ask each of the three credit monitoring agencies to freeze your credit files.

Equifax: equifax.com/personal/credit-report-services or 800-685-1111.

Experian: experian.com/help or 888-397-3742.

TransUnion: transunion.com/credit-help or 888-909-8872.

For information, you can reach out to Ask ODOT, your first point of contact for finding information, services or resolving issues with ODOT. They can be reached by email at AskODOT@odot.oregon.gov.

“ODOT has notified law enforcement,” according to the press release. “Our work to understand the full impact of this incident is ongoing. As we learn more, affected parties will be notified as required.”