Routine Sweep Finds Lax Security on Dept. of State Lands Website

Produced by: 
KBOO
Program:: 
Air date: 
Mon, 10/15/2018 - 5:00pm to 5:15pm

 

PERSONAL INFO MAY HAVE BEEN ACCESSED BY "OUTSIDE PARTIES"

 

A “security vulnerability” was discovered last week at the Oregon Department of State Lands (DSL). The vulnerability was found in an "internet-connected system" on October 8th during a routine security sweep, and the system was taken down the same day.

According to a press release from the state of Oregon, a forensic investigation by the Enterprise Security Office found that outside parties may have obtained personal information, including birthdates, addresses, names and social security numbers. There was no initial mention of who was affected, but the state says it will contact everybody whose information was compromised.

The DSL administers just under 750,000 acres of land in Oregon, which it leases to various interests, depositing the profits in the state’s Common School Fund.

KBOO reached out to the DSL by phone and email to ask what the compromised system was used for, and whether members of the public are among those whose information was accessed. We received the following response from their Communications Manager, Ali R. Hansen:

"Yes, members of the public were among those  whose personal information may have been accessible. People can create an account on the DSL website to save their unclaimed property searches or to make a claim. The information entered may have been accessed by outside parties. 

Everyone whose information may have been accessed will be notified directly and offered free credit monitoring."

###

Audio by Topic: