SALEM, Ore. -- The Oregon Department of Corrections revealed Wednesday that personal data on hundreds of its employees may have been found on a portable "thumb drive," including payroll information and Social Security numbers, but said all indications are that it was accidental and there's no indication any of the info was misused.
The agency received word on Jan. 27 of the potential information security breach from a non-employee, member of the public. The breach involved a thumb drive that "allegedly contained personally identifiable information about DOC employees," the department said.
The agency immediately began an investigation to verify the report and to determine what data may have actually been on the thumb drive. The Oregon State Police were notified and are assisting with DOC's investigation, in addition to facilitating their own external investigation, officials said.
"Because the thumb drive was damaged prior to the department receiving it, we cannot know what was on it," the DOC news release said. However, they added, "Initial forensic findings indicate that at least two types of information may have been breached:
Staff members' personal information, including social security numbers:
• Payroll reports from Warner Creek Correctional Facility (WCCF) from July 31, 2005 to Sept. 30, 2007, which included names, social security numbers and other payroll information.
• Payroll reports from Deer Ridge Correctional Institution (DRCI) near Madras from Aug. 31, 2006 to Sept. 30, 2007, which included names, social security numbers and other payroll information.
Staff members' personal information, not including social security numbers:
• Payroll reports from WCCF, DRCI and Shutter Creek Correctional Institution (SCCI) from Oct. 1, 2007 to present, which included staff names and other payroll related information similar to what's found on a pay stub. These reports did not include social security numbers.
At this time, the scope of the potential breach is limited to just under 550 total staff members; just under 300 staff members' Social Security numbers have potentially been breached.
"We have no reason to believe staff at institutions other than WCCF, DRCI, or SCCF should be concerned," the agency's statement said.
"We do not believe the breach was malicious in intent, nor do we have any indication at this time that the personal information has been used or misused," they added.
As a precaution, DOC has contracted with ID Experts, a data breach and recovery services expert to ensure protection for staff members whose social security numbers may have been compromised. This service will be free to affected staff. ID Experts will provide staff, whose personal information (names and SS#s) was potentially breached, with fully managed recovery services including:
- 12 months of credit and CyberScan monitoring
- A $20,000 insurance reimbursement policy
- Educational materials; and
- Access to fraud resolution representatives
In addition to notifying staff of the breach and providing credit monitoring services to those whose social security numbers were involved, DOC is continuing to investigate the situation to determine exactly how the thumb drive got into the hands of a non-employee.
The agency is also examining internal practices to ensure that the security of personal information isn't breached in the future.
The department employs approximately 4,500 staff across the state and operates 14 institutions and multiple worksites.
ABOUT
Cloud Solutions
Cloud Backup
Private Cloud Backup
Data Security and Regulatory Compliance
Remote Backup
Laptop Backup
Smartphone and Tablet Backup
Local Storage
Deduplication
Continuous Data Protection
Bare Metal Recovery
Industry Solutions
FAQ
Business Size
Applications
Cloud DR/DRaaS
Cloud IaaS
vCloud Director
vShield App
vShield Edge
vCloud Connector
Support
Services
Partners