Breach, Threat Management, Data Security, Malware, Phishing

Phishing scam stings Oregon Dept. of Human Services, compromises emails containing resident data

The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents.

According to a March 21 Oregon DHS press release, the incident took place last Jan. 8, when nine separate agency employees opened a spear phishing email and clicked on a link that compromised their email mailboxes and the two million emails within. The agency's Enterprise Security Office Cyber Security team confirmed the breach on Jan. 28 and worked to contain the threat.

Contents within those emails included client information protected under HIPAA regulations. Such data may include names, addresses, birth dates, Social Security numbers and case numbers.

"The department cannot confirm that any clients’ personal information was acquired from its email system or used inappropriately. However, it is notifying the public because information was accessible to an unauthorized person or persons," said an Oregon DHS news release, which was published under the guidelines of the state's Identity Theft Protection Act.

The release said the number of affected consumers exceeds 350,000, but a report from local news affiliate KTVZ notes that the agency services about 1.6 million residents – meaning the total number of impacted civilians could potentially be far more. The Oregon DHS said an external digital forensics firm is actively investigating to determine the number of and identities of affected Oregonians. The agency will then contact those individuals and offer them ID theft recovery services.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.