Oregon DOC employee 'mistakenly' exposed personal data of 861 people
PORTLAND, Ore. (KOIN) — Oregon corrections officials have disclosed that the personal information of 861 people was revealed in a data breach, but said “it does not appear individuals’ information is at risk.”
On Friday, the Oregon Department of Corrections reported that an employee accidentally sent this personal data to two people who were trying to visit one of its facilities. ODOC said the worker emailed the information on Aug. 28 and Aug. 29, and the department immediately took action when it was informed of the mistake on Sept. 9.
“ODOC contacted the two email recipients and coordinated an appropriate response with its State-side information security resources,” ODOC said. “It was confirmed the emails and their attachments were fully deleted from both recipients’ email and from State mail systems on September 16, 2024.”
The incident uncovered the information of numerous people who had undergone background checks with the corrections agency. Names, drivers’ license numbers, state identification numbers, birth dates and FBI numbers were exposed in the data breach.
Officials determined financial information and social security numbers were not exposed in the breach.
The incident has been reported to Oregon State Police and Cyber Security Services, according to ODOC. The agency said it is also working alongside CSS to prevent any similar mistakes going forward.
Additionally, the agency is offering free identity theft resolution services for the next 12 months “to assist in protecting those affected against identity theft.”