It’s no longer a question of if your data will ever be stolen. It seems it’s a matter of when. And then the questions become: How do you respond? How does the entity that was breached respond?

We think the Oregon DMV could have done better.

The department says about 3.5 million driver’s license and identification card files may have been taken. So if you have one, that likely includes you.

It wasn’t just in Oregon. Many other government agencies in different countries using the same software were breached in a global hack.

It did happen two weeks ago. Of course, the Oregon DMV had to spend some time figuring out what was taken. It realized on June 12 that the answer was: 90% of the license and ID files.

Days ticked by before the Oregon DMV told the public.

When The Oregonian asked about a security breach June 14, DMV officials had not planned to announce anything until Friday, June 16. They wanted time to ensure employees knew how to help people. ODOT did release a statement and hold a news conference Thursday afternoon, June 15.

Maybe no Oregonians were defrauded in that time. We hope not. The department seemed slow to inform Oregonians.

Oregon law actually requires a business or state agency to notify any consumer whose personal information was breached. There’s even a requirement that if a breach notice is sent to more than 250 people that a sample is sent to the Oregon Attorney General. We checked the database Thursday afternoon. No notice from the DMV.

You can check your credit reports online for free every 12 months at annualcreditreport.com or by calling 877-322-8558. You can even stagger getting the free reports from the three different credit agencies as a way of checking periodically to see if anything changes. And you can freeze your credit files temporarily.

We are not experts on credit and fraud. It certainly wouldn’t hurt, though, to check one of the free credit reports and see if there’s anything fishy going on.

And if the Secretary of State’s Office is thinking about audit ideas, how about looking into how Oregon responded to this breach.