Oregon DAS Assessed After Data Security Vulnerability
Email to a friend
Permalink
Thursday, March 26, 2015
The Oregon Department of Administrative Services was the victim of a data security vulnerability on Friday, March 20, when a unidentified hacker gained access to meta data.
The attack was detected by intrusion software, and investigated by the department. The information disclosed included time-stamps and the size of files.
After receiving the report, Governor Kate Brown announced Thursday she was calling for a restructuring of management in the department, as well as an independent assessment of Information Technology functions and oversight within the DAS.
“State agency I.T. operations must have sufficient safeguards and oversight in place to protect against hackers and cyber criminals intending to hijack state web sites or access Oregonians’ private information,” Brown said in a media statement. “Although I have been assured that no personally identifying information was compromised, this incident causes me to have serious concerns about the integrity of state data.”
Governor Brown appointed Oregon’s Chief Information Officer, Alex Pettit, to take charge of the agency’s Enterprise Technology Services Division (ETS). Brown also said she will start the process to hire a third-party management expert to conduct an assessment of best practices and management oversight for the division.
“Since it is in the best interest of the State of Oregon to investigate and resolve these issues as soon as possible, I will consult with Legislative leadership to ensure we have adequate resources to be able to respond quickly,” Brown said in the statement.
Related Slideshow: Recent Data Breaches in Oregon
Here are some of the biggest data and security breaches in Oregon between 2015 and 2012, according to Privacy Rights Clearinghouse:
Prev
Next
The Oregon Department of Administrative Services
March 20, 2015
The department's meta data, including time stamps the size of flies, was disclosed on Friday, March 20, by an unidentified hacker.
The attack was detected by intrusion software, and investigated by the department, but no personally identifying information was compromise
Prev
Next
LifeWise Health Plan of Oregon
March, 2015
A cyber attack on LifeWise and it's parent company Premera Blue Cross exposed the personal identification of 250,000 Oregonians to unauthorized access.
Prev
Next
Oregon Employment Department
Date: Oct. 10, 2014
Location: Portland
Records Compromised: 820,000
A database containing personal information from people searching for jobs through WorkSource Oregon was breached.
Prev
Next
Made in Oregon
Date: Dec. 3, 2013
Location: Portland
Records Compromised: 1,700
The company’s website, with credit card information, may have been accessed by unauthorized parties.
Prev
Next
Samaritan Family Medicine Resident Clinic
Date: Nov. 4, 2013
Location: Corvallis
Records Compromised: 1,222
Un-shredded medical documents were found in a dumpster near the offices. Prescriptions, diagnoses and sensitive medical information were on the documents.
Prev
Next
Bonneville Power Administration
Date: Aug. 27, 2013
Location: Portland
Records Compromised: 3,100
BPA employee names, Social Security numbers, and dates of birth were distributed by a cyber attack.
Prev
Next
Oregon Health & Science University
Date: July 29, 2013
Location: Portland
Records Compromised: 3,000
OHSU patient information was placed on Google’s cloud computing system. OHSU did not have a contract with Google, so the information could have been used for promotional purposes due to the storage error.
Prev
Next
Oregon State University
Date: July 29, 2012
Location: Oregon State University
Records Compromised: 21,000
During a software upgrade, an unnamed check printing vender copied data that included student and employee names, IDs, check numbers, check amounts, and possibly some Social Security numbers.
Prev
Next
Eugene School District 4J
Date: June 11, 2012
Location: Eugene
Records Compromised: 16,000
An unauthorized source accessed confidential files containing student personal information, such as Social Security numbers, dates of birth, and phone numbers.
Prev
Next
Office of Dr. Rex Smith
Date: April 20, 2012
Location: Eugene
Records Compromised: 20,915
During a burglary, a computer with patient names, Social Security numbers, and dates of birth was stolen.
Prev
Next
Key Bank
Date: May 9, 2012
Location: Springfield
Records Compromised: 2,937
A bank manager gathered and transferred customer names, Social Security numbers, and dates of birth.
Prev
Next
Applegate Valley Family Medicine
Date: April 2, 2012
Location: Grants Pass
Records Compromised: 2,300
Patient information was compromised when a laptop was stolen.
Enjoy this post? Share it with others.
Email to a friend
Permalink
Follow us on Pinterest Google + Facebook Twitter See It Read It