Two information servers at Oregon’s Department of Environmental Quality may have been breached, state officials said Friday.
There is no evidence that sensitive information has been compromised, said Matt Shelby, state Department of Administrative Services spokesman.
“We were able to confirm that somebody or something had accessed those servers,” he said.
But the servers didn’t have any sensitive information on them, he said.
“That was a good thing, obviously,” Shelby said. “They’re continuing to dig deeper just to be sure whoever got into the vulnerable servers didn’t leapfrog to other parts of the network. That investigation is ongoing.”
The agency maintains about 9,000 Social Security numbers and contact information for about 1,500 current and former employees elsewhere in its network.
If the investigation shows that sensitive information was compromised, the Office of the State Chief Information Officer will work with DEQ to notify affected individuals and provide credit monitoring if necessary.
Last fall, Gov. Kate Brown signed an executive order that centralized all statewide information security under the Office of the State Chief Information Officer and tasked the office with doing a systemic cyber security assessment of all state agencies.
The DEQ vulnerabilities were found as part of that effort.
firstname.lastname@example.org, 503-399-6779 or follow at Twitter.com/Tracy_Loew