The Oregon Department of Revenue is revealing a security incident that involved approximately 36,000 individuals with records at the department.
On February 21, 2018, a Department of Revenue employee uploaded work files to a personal cloud storage account. Department of Revenue's information security staff identified the upload through routine log reviews. When the incident was detected, the employee's computer was seized and all network accesses and credentials were immediately disabled. The employee was duty stationed at home and placed on paid administrative leave pending conclusion of a conduct investigation.
Department staff immediately launched a security investigation to determine the scope of the incident and the specifics of the information involved. Over the next several days, all files were deleted from the personal account. No evidence exists indicating the information was viewed or accessed by anyone other than department staff.
While all data was successfully retrieved, it took time to thoroughly review the information involved and determine the number of potentially impacted individuals, as there were many duplicate records.
The Department of Revenue says there is no indication that any personal information was accessed by an unauthorized person or used inappropriately, as an added precaution the department is providing identity theft recovery services for potentially impacted individuals.
A vendor, ID Experts, will send individual notices to the potentially impacted individuals with instructions on how to register for the service.
The department is also adding the potentially impacted information into their identity theft risk file. Once added to this file, additional identity validation may be required when filing an Oregon personal income tax return. The department shares this file securely with numerous states' tax departments to help prevent the information from being used to fraudulently file returns in other states.
Source: Oregon Department of Revenue