PORTLAND, OR (KPTV) – The Oregon Department of Human Services says clients’ personal information, including Social Security numbers, may have been exposed after a data breach exposed email records at the department earlier this year.
The agency says it has hired an outside investigator to perform a forensics review to clarify the number and identities of Oregonians whose information was exposed and how the information was used.
DHS says it cannot confirm that any clients’ personal information was acquired from its email system or used inappropriately, but it wants to notify the public because information was accessible to an unauthorized person or persons.
The agency says a cyber security team on Jan. 28 confirmed that a breach of regulated information had occurred and determined that nine employees opened a phishing email and clicked on a link that compromised their email mailboxes.
Current information indicates that on Jan. 8, a spear phishing email was sent to DHS employees, according to DHS officials, who say nearly two million employee emails were made vulnerable to unauthorized persons.
Those emails contained sensitive client information, including full names, Social Security numbers, dates of birth, addresses, and other information used to administer DHS programs.
Individuals whose information was exposed will be notified, according to DHS.
DHS manages a number of welfare agencies in the state.
Copyright 2019 KPTV-KPDX Broadcasting Corporation. All rights reserved.