Oregon Employment Dept. Reports Breach850,000 Who Registered for Job Search Help May Be Affected
The Oregon Employment Department says an unauthorized intrusion into the agency's website may have exposed information on approximately 850,000 individuals who registered for job search help and other services.
On Oct. 6, the agency responded to an anonymous tip alleging a security vulnerability in the WorkSource Oregon Management Information System, the department says. The agency immediately coordinated with the state's chief information office to confirm the tip's validity.
Once validated, the system in question was shut down while steps were taken to address the security vulnerability - the lack of encryption on an older system, says Craig Spivey, a department spokesman.
Information that may have been compromised includes names, addresses and, in some cases, Social Security numbers. The department is notifying impacted individuals, who are being offered free identity protection services for one year, Spivey says.
The department is also asking individuals who used the WorkSource system to reselect and answer security questions and reset their passwords when logging into their account. "As security breaches are unfortunately becoming more common both in the public and private sectors, experts advise that it is also good practice to regularly change security questions for other accounts outside of the WOMIS system," the department says in an Oct. 13 statement.
A criminal investigation has been initiated; the department says it's still unclear whether criminal activity has taken place. The department is cooperating with law enforcement on the investigation.