Text Size:   A+ A- A   •   Text Only
Find     
Site Image

ODOC responds to employee information breach
News Release from: Oregon Dept. of Corrections
Posted: February 9th, 2011 3:59 PM
 
ODOC responds to employee information breach
 
The Department of Corrections (DOC) received word, January 27, 2011, of a potential information security breach from a non-employee, member of the public. The breach involved a thumb drive that allegedly contained personally identifiable information about DOC employees.
 
The department immediately began an investigation to verify the report and to determine what data may have actually been on the thumb drive. The Oregon State Police were notified and are assisting with DOC's investigation, in addition to facilitating their own external investigation.
 
Because the thumb drive was damaged prior to the department receiving it, we cannot know what was on it. Initial forensic findings indicate that at least two types of information may have been breached:
 
Staff members' personal information, including social security numbers:
 
• Payroll reports from Warner Creek Correctional Facility (WCCF) from July 31, 2005 to Sept. 30, 2007, which included names, social security numbers and other payroll information.
• Payroll reports from Deer Ridge Correctional Institution (DRCI) from Aug. 31, 2006 to Sept. 30, 2007, which included names, social security numbers and other payroll information.
 
Staff members' personal information, not including social security numbers:
 
• Payroll reports from WCCF, DRCI and Shutter Creek Correctional Institution (SCCI) from Oct. 1, 2007 to present, which included staff names and other payroll related information similar to what's found on a pay stub. These reports did not include social security numbers.
 
At this time, the scope of the potential breach is limited to just under 550 total staff members; just under 300 staff members' social security numbers have potentially been breached. We have no reason to believe staff at institutions other than WCCF, DRCI, or SCCF should be concerned.
 
We do not believe the breach was malicious in intent, nor do we have any indication at this time that the personal information has been used or misused.
 
As a precaution, DOC has contracted with ID Experts, a data breach and recovery services expert to ensure protection for staff members whose social security numbers may have been compromised. This service will be free to affected staff. ID Experts will provide staff, whose personal information (names and SS#s) was potentially breached, with fully managed recovery services including:
 
- 12 months of credit and CyberScan monitoring
- A $20,000 insurance reimbursement policy
- Educational materials; and
- Access to fraud resolution representatives
 
In addition to notifying staff of the breach and providing credit monitoring services to those whose social security numbers were involved, DOC is continuing to investigate the situation to determine exactly how the thumb drive got into the hands of a non-employee. The agency is also examining internal practices to ensure that the security of personal information isn't breached in the future.
 
The department employs approximately 4,500 staff across the state and operates 14 institutions and multiple worksites.
 
Contact Info: DOC Communications Manager Jeanine Hohn at 503.945.9426, or DOC Public Affairs Manager Jennifer Black at 503.945.9225.