Security Vulnerability Discovered State Lands Office, Oct. 16

During a regular cybersecurity assessment, security specialists at the Enterprise Security Office identified an information security vulnerability on an internet-connected system with the Oregon Department of State Lands. In coordination with the Department of State Lands, the Enterprise Security Office began the assessment on October 5, 2018. The impacted system was taken offline on Monday, October 8, after a potential vulnerability was determined. The vulnerability was confirmed on Thursday, October 12, during the course of the assessment. The system contained some personal information, including names, addresses, birthdates, and social security numbers. Through forensic investigations, security specialists have determined it is likely outside entities may have accessed some of this information. The Department of State Lands will notify individuals whose information may have been compromised, and those individuals will be offered free credit monitoring. At the direction of Governor Brown, the Enterprise Security Office conducts regular cybersecurity assessments of state agencies. These assessments are a proactive effort to minimize risk to the state’s electronic information systems and to best protect the information of Oregonians and businesses.