Oregon DAS Assessed After Data Security Vulnerability

Thursday, March 26, 2015

The Oregon Department of Administrative Services was the victim of a data security vulnerability on Friday, March 20, when a unidentified hacker gained access to meta data.

The attack was detected by intrusion software, and investigated by the department. The information disclosed included time-stamps and the size of files.

After receiving the report, Governor Kate Brown announced Thursday she was calling for a restructuring of management in the department, as well as an independent assessment of Information Technology functions and oversight within the DAS.

“State agency I.T. operations must have sufficient safeguards and oversight in place to protect against hackers and cyber criminals intending to hijack state web sites or access Oregonians’ private information,” Brown said in a media statement. “Although I have been assured that no personally identifying information was compromised, this incident causes me to have serious concerns about the integrity of state data.”

Governor Brown appointed Oregon’s Chief Information Officer, Alex Pettit, to take charge of the agency’s Enterprise Technology Services Division (ETS). Brown also said she will start the process to hire a third-party management expert to conduct an assessment of best practices and management oversight for the division.

“Since it is in the best interest of the State of Oregon to investigate and resolve these issues as soon as possible, I will consult with Legislative leadership to ensure we have adequate resources to be able to respond quickly,” Brown said in the statement.

Related Slideshow: Recent Data Breaches in Oregon

Here are some of the biggest data and security breaches in Oregon between 2015 and 2012, according to Privacy Rights Clearinghouse:

Prev Next

The Oregon Department of Administrative Services

March 20, 2015

The department's meta data, including time stamps the size of flies, was disclosed on Friday, March 20, by an unidentified hacker.

The attack was detected by intrusion software, and investigated by the department, but no personally identifying information was compromise

Prev Next

LifeWise Health Plan of Oregon

March, 2015

A cyber attack on LifeWise and it's parent company Premera Blue Cross exposed the personal identification of 250,000 Oregonians to unauthorized access.

Prev Next

Oregon Employment Department

Date: Oct. 10, 2014

Location: Portland

Records Compromised: 820,000

A database containing personal information from people searching for jobs through WorkSource Oregon was breached.

Prev Next

Made in Oregon

Date: Dec. 3, 2013

Location: Portland

Records Compromised: 1,700

The company’s website, with credit card information, may have been accessed by unauthorized parties.

Prev Next

Samaritan Family Medicine Resident Clinic

Date: Nov. 4, 2013

Location: Corvallis

Records Compromised: 1,222

Un-shredded medical documents were found in a dumpster near the offices. Prescriptions, diagnoses and sensitive medical information were on the documents.

Prev Next

Bonneville Power Administration

Date: Aug. 27, 2013

Location: Portland

Records Compromised: 3,100

BPA employee names, Social Security numbers, and dates of birth were distributed by a cyber attack.

Prev Next

Oregon Health & Science University

Date: July 29, 2013

Location: Portland

Records Compromised: 3,000

OHSU patient information was placed on Google’s cloud computing system. OHSU did not have a contract with Google, so the information could have been used for promotional purposes due to the storage error.

Prev Next

Oregon State University

Date: July 29, 2012

Location: Oregon State University

Records Compromised: 21,000

During a software upgrade, an unnamed check printing vender copied data that included student and employee names, IDs, check numbers, check amounts, and possibly some Social Security numbers.

Prev Next

Eugene School District 4J

Date: June 11, 2012

Location: Eugene

Records Compromised: 16,000

An unauthorized source accessed confidential files containing student personal information, such as Social Security numbers, dates of birth, and phone numbers.