• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Oregon DHS Hack 2M Emails Breached

Oregon DHS Hack 2M Emails Breached

2019-03-22 by Michelle Dvorak

Oregon DHS Hack

Oregon DHS Data Breach Compromised 2 Million Emails Hacked

Oregon Department of Human Services (DHS) announced that approximately two million emails were hacked in a January 8 data breach. The hackers gained access to DHS employee emails with a targeted spear phishing attack in which nine employee mailboxes were breached compromising the data from about two million emails and 350,000 clients.

Oregon DHS states that nine employees clicked on a link in a spear phishing email that was sent on January 8, 2019. The email breach followed on January 28 and allowed the hackers to access about two million employee emails that contained the personal data of clients.

What Are Phishing Email Scams
What Are Phishing Email Scams?

The spear phishing email attack allowed hackers to access the personal information of over 350,000 clients in Oregon DHS welfare and children services programs. The emails exposed Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA.) The hacked emails contained data about clients like full names, birthdates, social security numbers, addresses, case numbers, and other personal information used to administer DHS programs.

The passwords of the hacked DHS email boxes were reset to stop the hackers.

What is a Spear Phishing Attack?

A spear phishing email attack is a cybercrime in which a hacker sends phishing emails to targeted individuals. Spear phishing emails are targeted at one or more individuals and use information previously gathered about the recipient. For example, in the case of Oregon DHS, the hackers may have gathered the names and email addresses of employees from their own agency website. The more information a hacker has about the target, the more tailored the email is which makes it more believable. A spear phishing email may address the recipient by their first name and contain other information known about the recipient that was gleaned from a work website, social media, or previous interactions. Spear phishing emails are crafted and focused. They can be a multistep, patient process.

5 Phishing Email Examples
5 Phishing Email Examples

Spear phishing attacks typically send a smaller quantity of emails than seen in a broader phishing email attack.

The hack is a data breach under Oregon’s Identity Theft Protection Act (ORS 646A.600 to 646A.628). Since the number of victims exceeds 350,000 potential victims, notifications were released to the media and on state agency websites. IDExperts is handling the data breach on behalf of DHS and has established a toll-free at 800–792-1750 to assist clients.

Oregon DHS is offering free credit monitoring and identity theft recovery services for people breached but the hackers. Individuals who are part of the data breach will receive a notification through US Postal mail. Consumers have the option to freeze their credit reports for free. Parents may request a credit report freeze for DHS minors under the age of 16.

Filed Under: News Tagged With: spear phishing

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version