PII Exposed from State Agency After Employees Fell Victim to Phishing Attack
Who: Oregon’s Department of Human Services (DHS)
# of Accounts Breached: More than 350,000 client’s data
What was affected: First and last names, addresses, dates of birth, Social Security numbers, case numbers, and other information.
When it happened: January 8, 2019
How it happened: The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they clicked a suspicious link.
Outcome: The agency said that it has hired an outside company called IDExperts to look into the breach and find out exactly how many people may have been compromised — and what specific information may have been available on each client.