The Department of Human Services (DHS) in Oregon suffered a data breach earlier this year in which a threat actor obtained unauthorized access to the personal data of around 645,000 of the agency’s clients. The agency is notifying those impacted by the breach.
On January 8, a cybercriminal was able to access the email accounts of nine DHS employees after they fell for a phishing email. The agency ended the unauthorized access about three weeks later by enforcing a password reset. This means that for about 20 days, the attacker had access to the mailboxes that contained the full names, physical addresses, dates of birth, social security numbers (SSNs), case numbers, protected health information (PHI), and other sensitive data of DHS clients.
Read more: Phishing Attack Exposes Data of 645,000 Oregon DHS Clients