ODT
Company Details
Linkedin ID:
oregon-department-of-transportation
Website:
Employees number:
1,953
Number of followers:
20,057
NAICS:
92
Industry Type:
Homepage:
oregon.gov
IP Addresses:
0
Company ID:
ORE_2387723
Scan Status:
In-progress
Oregon Department of Transportation Company CyberSecurity Posture
oregon.gov
The Oregon Department of Transportation is an award-winning organization, more than 4,500 employees strong. Together, we provide a safe and reliable multimodal transportation system that connects people and helps Oregon's communities and economy thrive. Transportation in Oregon is a multi-billion dollar investment in our people, our environment and our state. Almost every aspect of life is affected one way or another by transportation. With 96,000 square miles of land, we must have a safe, dependable system — and in Oregon, that includes highways, passenger and freight rail, public transit and non-motorized transportation. Over the past several years, Oregonians have opted to invest in the state’s transportation infrastructure. This commitment to a sound transportation system is creating opportunities for engineers, planners, maintenance and construction workers, information systems specialists, accountants, customer service representatives, inspectors, policy analysts and other knowledgeable employees. Consider a career with the Oregon Department of Transportation. Live and work among tall mountains, surrounded by sandy ocean beaches and clear blue lakes, in the grassy valleys or on the high desert, in the big city or in a small country town. Oregon has it all — just waiting for you to discover; waiting for you to make your mark. For job opportunities, visit www.odotjobs.com or email [email protected]. For general questions, call (888) ASK-ODOT.
Oregon Department of Transportation A.I CyberSecurity Scoring
ODT Risk Score (AI oriented)Between 550 and 599
ODT
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
ODT Global Score (TPRM)XXXX
ODT
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
ODT Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Oregon Department of Transportation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Millions of drivers and car owners had their personal information taken as a result of the MOVEit breach, including the departments of motor vehicles in Louisiana and Oregon. The company was hacked, exposing information from an estimated 3.5 million identity cards and driver's licences. Given that many people's personal information was exposed to potential unscrupulous actors, the Oregon DMV data breach could be risky for them. As of right now, there is no evidence that the MOVEit hacker group sold, exchanged, or publicly publicised the OMV information they stole.
Oregon Department of Transportation
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The MOVEit Transfer file transfer platform, created by Progress Software Corporation, was the subject of a recent, major hacking effort by the Cl0p ransomware group, according to alarming information disclosed by cybersecurity firm Emsisoft. The analysts estimate that 60,144,069 people and about 1,000 organisations were affected by the attacks. The Cl0p group's leak site, state breach reports, SEC filings, and other public disclosures are the sources of the data. The attacks affected tens of millions of people, according to the experts. Maximus, Pôle emploi, Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America, Genworth, PH Tech, and Milliman Solutions are the organisations with the greatest number of affected persons.
ODT Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for ODT
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for Oregon Department of Transportation in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Oregon Department of Transportation in 2025.
Incident Types ODT vs Government Administration Industry Avg (This Year)
No incidents recorded for Oregon Department of Transportation in 2025.
Incident History — ODT (X = Date, Y = Severity)
ODT cyber incidents detection timeline including parent company and subsidiaries
ODT Company Subsidiaries
The Oregon Department of Transportation is an award-winning organization, more than 4,500 employees strong. Together, we provide a safe and reliable multimodal transportation system that connects people and helps Oregon's communities and economy thrive. Transportation in Oregon is a multi-billion dollar investment in our people, our environment and our state. Almost every aspect of life is affected one way or another by transportation. With 96,000 square miles of land, we must have a safe, dependable system — and in Oregon, that includes highways, passenger and freight rail, public transit and non-motorized transportation. Over the past several years, Oregonians have opted to invest in the state’s transportation infrastructure. This commitment to a sound transportation system is creating opportunities for engineers, planners, maintenance and construction workers, information systems specialists, accountants, customer service representatives, inspectors, policy analysts and other knowledgeable employees. Consider a career with the Oregon Department of Transportation. Live and work among tall mountains, surrounded by sandy ocean beaches and clear blue lakes, in the grassy valleys or on the high desert, in the big city or in a small country town. Oregon has it all — just waiting for you to discover; waiting for you to make your mark. For job opportunities, visit www.odotjobs.com or email [email protected]. For general questions, call (888) ASK-ODOT.
Loading...
ODT Similar Companies
City of Seattle
Work With Purpose. Shape Seattle. Inspire the World. Seattle is more than a world-class city — it’s a vibrant, evolving community rooted in shared values of sustainability, innovation, and inclusion. As a public employer, the City of Seattle is committed to building a city that works for everyone —
Comunidad de Madrid
Si necesitas información general y especializada sobre los servicios públicos madrileños puedes llamar al teléfono de Atención al Ciudadano 012. En la Comunidad de Madrid estamos encantados de recibir comentarios y favorecer el diálogo, por eso te proponemos unas normas básicas de participación:
U.S. Department of the Treasury
The Treasury Department is the executive agency responsible for promoting economic prosperity and ensuring the financial security of the United States. The Department is responsible for a wide range of activities such as advising the President on economic and financial issues, encouraging sustainabl
eThekwini Municipality
EThekwini Municipality is a Metropolitan Municipality found in the South African province of KwaZulu-Natal. Home to the world-famous city of Durban. EThekwini is the largest City in the province and the third largest city in the country. It is a sophisticated cosmopolitan city of over 3 468 088 peop
Københavns Kommune
Københavns Kommune er Danmarks største arbejdsplads med ca. 45.000 medarbejdere. Vi udvikler hovedstaden og servicerer over 500.000 københavnere. Vores mål er at fastholde og udvikle København som en af verdens bedste byer at bo i – og skabe øget vækst gennem viden, innovation og beskæftigelse. Fi
South African Revenue Service (SARS)
Its main functions are to: collect and administer all national taxes, duties and levies; collect revenue that may be imposed under any other legislation, as agreed on between SARS and an organ of state or institution entitled to the revenue; provide protection against the illegal importation
State of Minnesota
Minnesota State Government is the third largest employer in the state of Minnesota, employing over 50,000 diverse and talented employees in more than 100 state agencies, boards, commissions, colleges, and universities. Our workplaces can be found across the state in 86 out of 87 Minnesota counties a
Texas Health and Human Services
Overview The Texas Health and Human Services Commission (HHSC) is an agency within the Texas Health and Human Services System. In September 2016, Texas began transforming how it delivers health and human services to qualified Texans, with a goal of making the Health and Human Services System more ef
State of California
Californians deserve a government that works for them and with them. One that will work to ensure opportunity and justice. We are building a California not for the few, but for all — including those who have historically been left out. We are doing the work to make our state a place for every Cali
.png)
ODT CyberSecurity News
October 17, 2025 07:00 AM
ITD and ODOT host SH-52 Snake River Bridge replacement open house
The Idaho Transportation Department invites the public to learn about construction plans for a new State Highway 52, Snake River Bridge in...
September 30, 2025 07:00 AM
E&E News: Oregon legislators raise gas tax, add EV fee
CLIMATEWIRE | Oregon is poised to impose mandatory fees on electric vehicles and raise its gasoline tax after lawmakers on Monday approved a...
September 26, 2025 07:00 AM
Rhysida ransomware gang claims Maryland Transit Administration breach, demands $3.4 million
The Rhysida ransomware gang claimed responsibility for a late-August data breach at the Maryland Transit Administration.
August 28, 2025 07:00 AM
Another successful year for Oregon Tech’s educational summer youth camps
Oregon Tech would like to announce another successful set of educational summer camps. These camps -- the LEGO Camps, NW Cyber Camp,...
July 22, 2025 07:00 AM
NYC Council will expand overnight truck parking opportunity | New HOS relief for wildfire response
A bill passed by the NYC Council requires NYC DOT to establish overnight truck parking areas in industrial business zones.
July 01, 2025 07:00 AM
E&E News: Layoffs loom after Oregon gas tax hike dies
Gov. Tina Kotek, a Democrat, said up to 700 state workers could be fired because lawmakers failed to increase the cost of gasoline by 3 cents.
June 24, 2025 07:00 AM
Oregon Homeland Security Advisor warns of 'heightened threat environment'
The Oregon Department of Emergency Management is urging Oregonians to be vigilant in the face of a National Terrorism Advisory System (NTAS)...
June 10, 2025 07:00 AM
Oregon brings the hammer down on weigh station evaders
The Oregon Department of Transportation's Commerce and Compliance Division, along with the Oregon State Police, ticketed 122 truck drivers...
June 09, 2025 07:00 AM
Transportation bill released: Here’s what you need to know
The Oregon Legislature finally released the transportation bill this morning and it only took about two hours for the rhetorical sparks to...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ODT CyberSecurity History Information
Official Website of Oregon Department of Transportation
The official website of Oregon Department of Transportation is http://www.oregon.gov/odot.
Oregon Department of Transportation’s AI-Generated Cybersecurity Score
According to Rankiteo, Oregon Department of Transportation’s AI-generated cybersecurity score is 565, reflecting their Very Poor security posture.
How many security badges does Oregon Department of Transportation’ have ?
According to Rankiteo, Oregon Department of Transportation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Oregon Department of Transportation have SOC 2 Type 1 certification ?
According to Rankiteo, Oregon Department of Transportation is not certified under SOC 2 Type 1.
Does Oregon Department of Transportation have SOC 2 Type 2 certification ?
According to Rankiteo, Oregon Department of Transportation does not hold a SOC 2 Type 2 certification.
Does Oregon Department of Transportation comply with GDPR ?
According to Rankiteo, Oregon Department of Transportation is not listed as GDPR compliant.
Does Oregon Department of Transportation have PCI DSS certification ?
According to Rankiteo, Oregon Department of Transportation does not currently maintain PCI DSS compliance.
Does Oregon Department of Transportation comply with HIPAA ?
According to Rankiteo, Oregon Department of Transportation is not compliant with HIPAA regulations.
Does Oregon Department of Transportation have ISO 27001 certification ?
According to Rankiteo,Oregon Department of Transportation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Oregon Department of Transportation
Oregon Department of Transportation operates primarily in the Government Administration industry.
Number of Employees at Oregon Department of Transportation
Oregon Department of Transportation employs approximately 1,953 people worldwide.
Subsidiaries Owned by Oregon Department of Transportation
Oregon Department of Transportation presently has no subsidiaries across any sectors.
Oregon Department of Transportation’s LinkedIn Followers
Oregon Department of Transportation’s official LinkedIn profile has approximately 20,057 followers.
NAICS Classification of Oregon Department of Transportation
Oregon Department of Transportation is classified under the NAICS code 92, which corresponds to Public Administration.
Oregon Department of Transportation’s Presence on Crunchbase
No, Oregon Department of Transportation does not have a profile on Crunchbase.
Oregon Department of Transportation’s Presence on LinkedIn
Yes, Oregon Department of Transportation maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/oregon-department-of-transportation.
Cybersecurity Incidents Involving Oregon Department of Transportation
As of November 27, 2025, Rankiteo reports that Oregon Department of Transportation has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Oregon Department of Transportation has an estimated 11,116 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Oregon Department of Transportation ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.
Incident Details
Can you provide details on each incident ?
Title: MOVEit Data Breach
Description: Millions of drivers and car owners had their personal information taken as a result of the MOVEit breach, including the departments of motor vehicles in Louisiana and Oregon. The company was hacked, exposing information from an estimated 3.5 million identity cards and driver's licences. Given that many people's personal information was exposed to potential unscrupulous actors, the Oregon DMV data breach could be risky for them. As of right now, there is no evidence that the MOVEit hacker group sold, exchanged, or publicly publicised the OMV information they stole.
Type: Data Breach
Threat Actor: MOVEit hacker group
Title: MOVEit Transfer Platform Hack by Cl0p Ransomware Group
Description: The MOVEit Transfer file transfer platform, created by Progress Software Corporation, was the subject of a recent, major hacking effort by the Cl0p ransomware group.
Type: Ransomware
Threat Actor: Cl0p ransomware group
Motivation: Data exfiltration and ransom
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ORE61425623
Data Compromised: Personal information, Identity cards, Driver's licences
Identity Theft Risk: High
Incident : Ransomware ORE45181223
Data Compromised: 60,144,069 people
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Identity Cards, Driver'S Licences and .
Which entities were affected by each incident ?
Incident : Data Breach ORE61425623
Entity Name: Department of Motor Vehicles, Louisiana
Entity Type: Government
Industry: Public Sector
Location: Louisiana
Incident : Data Breach ORE61425623
Entity Name: Department of Motor Vehicles, Oregon
Entity Type: Government
Industry: Public Sector
Location: Oregon
Incident : Ransomware ORE45181223
Entity Name: Progress Software Corporation
Entity Type: Corporation
Industry: Software
Customers Affected: 60,144,069 people and about 1,000 organisations
Incident : Ransomware ORE45181223
Entity Name: Louisiana Office of Motor Vehicles
Entity Type: Government
Incident : Ransomware ORE45181223
Entity Name: Colorado Department of Health Care Policy and Financing
Entity Type: Government
Incident : Ransomware ORE45181223
Entity Name: Oregon Department of Transportation
Entity Type: Government
Incident : Ransomware ORE45181223
Entity Name: Teachers Insurance and Annuity Association of America
Entity Type: Organization
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ORE61425623
Type of Data Compromised: Personal information, Identity cards, Driver's licences
Number of Records Exposed: 3.5 million
Sensitivity of Data: High
Incident : Ransomware ORE45181223
Number of Records Exposed: 60,144,069
Ransomware Information
Was ransomware involved in any of the incidents ?
References
Where can I find more information about each incident ?
Incident : Ransomware ORE45181223
Source: Emsisoft
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Emsisoft.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an MOVEit hacker group and Cl0p ransomware group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were personal information, identity cards, driver's licences, , 60,144 and069 people.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were personal information, driver's licences, identity cards, 60,144 and069 people.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 63.6M.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Emsisoft.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=oregon-department-of-transportation' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
