The Oregon agency that runs the state’s foster care and welfare programs announced Thursday that the personal information of more than 350 people in those programs might have been compromised, after a Jan. 28 data breach.
An unidentified attacker gained access to the state’s records after nine employees at the Department of Human Services opened so-called “phishing” emails and clicked on a link that allowed the outside party to gain access to their state email accounts, according to a news release.
The state did not say how many Oregonians might be affected. It did say the breach involved their protected health information. Examples of the types of information that might have been compromised include first and last names, addresses, dates of birth, Social Security numbers and case numbers.
“At this point, it involves all of our programs,” agency spokesman Robert Oakes said Tuesday afternoon.
“Primarily (the Aging and People with Disabilities Program), child welfare, self-sufficiency and vocational rehabilitation.” The agency is checking to see if information was compromised in the program for children and adults with intellectual and developmental disabilities, Oakes said.
The state hired a contractor, IDExperts, to perform a forensic review to figure out the exact number and identities of Oregonians whose information was exposed.
Oakes said that firm will contact the people who were affected and inform them of the availability of free credit monitoring services. The state notified news media of the breach in order to comply with a state law that requires entities involved in a data breach to notify people who were affected “in the most expeditious manner possible, without unreasonable delay.”
With more than 8,000 employees, the Department of Human Services is the largest state agency, with programs including foster care, food stamps and cash assistance also known as welfare.
Oregon state government has experienced several data breaches in recent years.
A year ago, Oregon’s tax agency revealed an employee had copied the personal information of 36,000 people.
There were also security breaches at the Secretary of State’s office and Employment Department in 2014 and the state data center in 2015.