Data of 645k Oregonians exposed following a phishing assault by nine DHS staff

Data breach

Phishing attack allows hackers to enter staff accounts of Oregon DHS.

Over 645,000 Oregonians who signed up with the State Department of Human Services (DHS) for advantages were accidentally subjected to hackers after nine DHS staff were fooled by phishing messages.

According to an Oregon DHS news release this week, the phishing attack took place on January 8, 2019.

The nine staff who fell for the phishing attack started having issues with accessing their email accounts from the next day.

The phishing incident was found by a subsequent inquiry. Until January 28, DHS employees secured accounts, a complete 20 days after the first hackers arrived.

The Cyber Security team of the DHS and the Enterprise Security Office said the intruders had access to more than two million emails. The emails included file attachments with information from over 645,000 Oregonians who had registered for multiple advantages at one stage or another.

It is uncertain whether any of the user data was accessed and downloaded by the hackers. In March, the department made the violation public and began to notify all patients affected by DHS this week.

Affected consumers will receive an email containing information on the event and guidelines on how to enroll in a free program that offers surveillance and retrieval facilities for 12 months of identity theft.

But not the only organization that has fallen for this year’s phishing assault is the Oregon DHS. The Australian Catholic University also experienced a information breach after last month’s staff also fell for a phishing assault. Attackers got away with account information, email, and calendars from personnel bank accounts.

Phishing is one of the oldest instruments in the arsenals of hackers, and the most efficient after all these years.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.