PII Exposed from State Agency After Employees Fell Victim to Phishing Attack

2019, Breaches, March

Who: Oregon’s Department of Human Services (DHS)

# of Accounts Breached: More than 350,000 client’s data

What was affected: First and last names, addresses, dates of birth, Social Security numbers, case numbers, and other information.

When it happened: January 8, 2019

How it happened: The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they clicked a suspicious link.

Outcome: The agency said that it has hired an outside company called IDExperts to look into the breach and find out exactly how many people may have been compromised — and what specific information may have been available on each client.