Two weeks later, Oregon still recovering from breach
Officials in Oregon are still working to secure the state’s campaign finance website that was possibly hacked two weeks ago in the latest public cyber-breach at the state government level.
It was Feb. 5 that hackers broke into the campaign finance website, called ORESTAR, which is housed by Oregon’s secretary of state, and accessed, among other things, the bank account numbers of the state’s political candidates.
The breach is now the subject of a Federal Bureau of Investigation probe.
Oregon officials told the Statesman Journal the state would not be providing any updates on the breach until their work securing the site was complete.
“They are in the process of executing their security incident response plan, they went over the activities as they’ve moved from containment to diagnosis and now into recovery, while continuing the investigation with the FBI,” Department of Administrative Services spokesman Matt Shelby wrote in an email to the Statesman Journal.
The hacked site is the state’s database for campaign finance transactions, including records of payments candidates or political parties have made to the state. The database also includes transactions between a candidate’s bank account and his or her campaign fund, along with financial donations.
Kate Brown, Oregon’s secretary of state, is waiving fines for lack of campaign finance reporting while ORESTAR is down and is temporarily changing how people can file statements for Oregon’s voter’s pamphlet.
Oregon is not alone is suffering a major cybersecurity breach.
In March 2012, computer hackers broke into a Utah State government server and stole the Social Security numbers of up to 280,000 people, as well as less-sensitive information from up to an additional 500,000 others.
Later that year, South Carolina’s Department of Revenue exposed the Social Security numbers of 3.8 million taxpayers plus credit card and bank account data after an employee fell victim to a phishing email.
In both of those cases, the states took strong action following the attacks, including restructure their security operations, hiring of new security professionals and providing services to those affected, such as free credit reporting.
In a previous interview with StateScoop, William Pelgrin, the CEO of the Center for Internet Security, said nefarious actors are turning their attention partly toward state governments as the federal government has made itself tougher for hackers to penetrate.
With states handling much of the same personal information as the federal government, they are an attractive target for hackers, especially as some states lack the cybersecurity funding and professional expertise as the federal government.