If you have a news tip send us an email at: tips@oregoncapitalinsider.com

SAIF data breach exposes information from thousands of people

The Oregon workers' compensation insurer sent letters in late December notifying employees of six policyholders that their names and Social Security numbers had been accessed in a phishing attack.

PARIS ACHEN/CAPITAL BUREAU - The Oregon Capitol in SalemA cyber-security breach at Oregon's State Accident Insurance Fund Corp. may have exposed confidential information of more than 1,750 people.

The information, including the individuals' names and Social Security numbers, was compromised on Nov. 3 when a hacker gained access to a SAIF auditor's email account. That account contained emails which included personal information on employees for six companies that get their workers' compensation insurance through the quasi-public agency.

Among those affected are some substitute teachers and school classified workers in the Portland metropolitan area.

As of late Wednesday, Jan. 3, there had been no reports of identity theft as a result of the attack, said Lauren Casier, a SAIF spokeswoman.

"SAIF is diligent about protecting the confidential information that is shared with us," Bruce Hoffman, the company's vice president of underwriting, wrote in a letter to affected employees. "We deeply regret that this incident has occurred. We are reviewing what needs to be done to avoid any recurrence."

Employees were notified in late December that their confidential information may have been exposed. The seven-week delay resulted from the time needed to manually review email folders and attachments to identify what personal information was contained and to compose a letter to employees, Casier said.

The affected employees work at six companies that buy insurance from SAIF, including EMS SubDesk, a Beaverton company that provides substitute teachers and classified workers to several charter schools in Multnomah and Washington counties. Katey Thomas, EMS SubDesk's registered agent, did not return a telephone call from the Pamplin/EO Capital Bureau seeking comment on the data breach. A call and email to the company's general mailboxes also were not returned.

On Wednesday, Casier declined to release names of companies affected by the breach, citing a state public records disclosure exemption.

The Capital Bureau independently obtained a letter about the cyber-security failure that identified EMS SubDesk.

Casier did identify the other companies' location and line of work. They are:

  • A home health care provider in Beaverton

  • A construction company in Portland

  • An agriculture company in Dayton

  • A construction company in Hillsboro

  • A construction company in Beaverton

    One of the policyholders may have had financial account information exposed in the attack, and that policyholder has been notified, she said.

    SAIF is required by law to request payroll information from policyholders as part of its premium audit process. While the request does not include Social Security numbers, employers sometimes provide that information as part of the payroll information, Casier said.

    Upon learning of the hack on Nov. 3, SAIF officials immediately disabled the auditor's email accounts and reported the cyber-security breach to the FBI, the Oregon Department of Justice and consumer-reporting agencies Equifax, Experian and TransUnion.

    SAIF also retained CSIdentity to provide employees of the policyholders with credit monitoring and credit restoration free of charge for a year, Casier said. Employees have until March 31 to sign up.

    Data breaches have affected high-profile companies such as Target and Equifax, the latter of which may have exposed private information of half of Americans.

    "Sensitive data can easily be the target of attacks; they should be well protected via … encryption, so that even if an attacker broke into an account and stole the data, they still cannot decrypt it," said Jun Li, a computer science professor and director of the University of Oregon's Center for Cyber Security and Privacy.

    Oregon state agencies have struggled with cyber security for years. In 2014, hackers gained access to computer systems in the Secretary of State's office and Employment Department. A year later, the state data center was hit.

    A November 2016 audit, overseen by then-Secretary of State Jeanne Atkins, found problems at 13 agencies, concluding that "planning efforts were often perfunctory, security staffing was generally insufficient, and critical security functions were not always performed."

    How to avoid getting "phished"

    Email account holders can avoid phishing attacks by refraining from clicking on links in emails "unless you are confident what the links really are," deploying state-of-the-art anti-phishing mechanisms, or installing meticulous spam filters, according to Jun Li, a computer science professor and director of the University of Oregon's Center for Cyber Security and Privacy.

    Li also recommended credit monitoring for longer than 12 months after a hack, as an attacker could wait longer than a year to use the information.

    The center holds an annual Oregon Cyber Security Day where the public can learn other ways to enhance cyber security. The next event is scheduled for April 20 at the University of Oregon in Eugene.

    Paris Achen
    Portland Tribune Capital Bureau
    email: pachen@portlandtribune.com
    Follow us on Twitter
    Visit Us on Facebook

    Access your account

    Subscriber Login

    cialiscialis couponcialis genericcialis dosagegeneric cialiscialis costcialis vs viagracialis pricescialis side effectscialis couponscialis 30 day sampleviagra vs cialiscialis onlinecialis pillscialis samplesbuy cialiscialis 20 mgcialis patent expirationcialis coupons printablecialis for daily usecialis samples overnightcheap cialiscost of cialis200 cialis couponcialis dailycialis 20mggeneric cialis at walmartcealiscialis canadacialis trialhow does cialis workwhen will cialis go genericcialis on lineside effects of cialiscialis 30 day trial couponcialis 5mgcialis for mencialasbuy cialis onlinecialis for salecialis patent expiration date extendedhow to take cialiscialis pricecialis from canadahow much does cialis costfree cialisviagra vs cialis vs levitracialis reviewscialis coupons from manufacturerwhat is cialiscialis pills for salecialis patent expiration 2017canadian cialiscialis tadalafilcialis or viagrageneric for cialiscialis professionalcialis free trialcialis medicationciliascialis for bphcialis coupons 2017cyaliscialis dosage strengthscialis discountgeneric cialis tadalafildiscount cialiscialis dosage recommendationscialis 5 mgonline cialiscialis canadian pharmacycialis copay cardlowest cialis pricescialis for womencialis generic availabilitycialis vouchercialis savings cardcialis 10 mgcialis websitecialis generic tadalafilliquid cialisdaily cialisviagra cialiscialis otcerectile dysfunction cialiscialis 5mg dailycanada cialiscialis coupon 20 mgcialis pricingcialis coupon printviamedic cialiscialis cheapcialis pharmacy pricescialis 20mg directionsprice cialiscialis samplewholesale cialiscialis alternativecialis effectscialis testimonialslevitralevitra couponlevitra 20 mglevitra 20mgbuy levitralevitra priceslevitra genericlevitra onlinelevitra vs viagrageneric levitralevitra couponslevitra rezeptfrei deutschlandlevitra 10 mg prezzocheap levitra9 levitra at walmartlevitra erfahrungenlevitra dosageviagra vs cialis vs levitrageneric levitra vardenafil 20mgwhat works better than viagrabuy levitra onlinelevitra without a doctor prescriptionbuy generic levitralevitra 20mg cost per pillvardenafil 20mglevitra prezzo in farmacialevitra 20 mg precio farmaciavardenafil vs viagralevitra 20 mg cost walmartlevitra vs viagra for hardnesslevitra bayer 20mg meilleur prixlevitra 20 mg von bayerviagrageneric viagraviagra genericviagra couponsviagra without a doctor prescriptionviagra onlineequipe argentine viagraviagra pricesbuy viagracialis vs viagracheap viagraviagra pillsviagra samplesviagra side effectswhat is viagraviagra couponviagra naturalviagra dosageviagra for sale uknatural viagrabuy viagra onlinegeneric viagra 100mgfemale viagrahow does viagra workhow to use viagraviagra activateherbal viagraviagra tabletssophia viagraviagra sans ordonnanceviagra kaufenviagra tabletviagra vs cialisonline viagracanadian viagraviagra for womenviagra ohne rezept aus deutschlandpfizer viagraviagra 100mgviagra costfree viagraviagra alternativesviagra canadaviagra on lineviagra single packsviagra for menviagra pillviagra 100mg tablets retail priceorder viagraviagra tescoside effects of viagraviagra pillen kruidvatviagra for salediscount viagrawhat does viagra doviagra costsviagra uklevitra vs viagrawhere to buy viagraviagra substitutehow long does viagra lastviagra alternativeviagra receptfrittviagra priceviagra 100viagra en ligne livraison 24hviagra on line no precviagra 100 mgutilisation viagrabest price viagracost of viagraviagra sexviagra wikipediasex viagra for womenviagra nebenwirkungenrevatio vs viagraviagra without a doctor prescription usaviagra genericoviagra 50mgviagra from canadaover the counter viagraviagra effectsviagra medicinepfizer viagra coupons from pfizerbuy generic viagraviagra wikiviagra bestellenviagra ohne rezept auf rechnungcanada viagrawomen viagrabuying viagraviagra soft