State finds possible security breach in 2 DEQ servers

Scans this week performed by the State Chief Information Office identified potentially malicious activities on two information servers operated by the Department of Environmental Quality, officials announced Friday.

The agency said in an announcement that it “has taken steps to protect sensitive information and eliminate any future intrusion to the agency’s information technology systems. Forensic investigations by security experts are ongoing to determine the extent of the incident.”

So far, they said, “there is no evidence that sensitive information about individuals, businesses or facilities has been compromised.” But they noted the agency maintains about 9,000 Social Security numbers and contact information for about 1,500 current and former employees elsewhere in their network.

If continued investigations do identify compromised sensitive information, the information office said it will work with DEQ to notify and support affected individuals. Support could include providing credit monitoring, if necessary.

At Governor Brown’s direction, the OSCIO is conducting a systemic cyber-security assessment of all state agencies, starting with the biggest, or those agencies having extensive public interactions. The assessments are a proactive effort by the state to minimize risk to the state’s electronic information systems, to best protect Oregonians and businesses.