Oregon DEQ won’t say if ransomware group took employee data in cyberattack

The Oregon Division of Environmental High quality on Friday declined to substantiate or deny studies {that a} well-known ransomware group stole worker recordsdata in a latest cyberattack on the company.

The division confronted questions after a number of cybersecurity web sites reported that ransomware group Rhysida is behind the cyberattack on the DEQ and has stolen and auctioned off the company’s information, together with delicate worker info.

“DEQ is conscious of those claims. They’re nonetheless underneath investigation,” mentioned DEQ spokesperson Lauren Wirtis.
DEQ initially reported it was investigating a cyberattack on April 9. The assault put a near-halt on work on the company and shuttered car emissions inspection stations. Staff labored fully from their telephones whereas Enterprise

Data Companies, which administers the state’s info expertise and cybersecurity controls, rebuilt their laptops.

Emission stations reopened 5 days later and most company servers are actually again on-line, Wirtis mentioned.
Over the previous two and half weeks, DEQ officers have repeatedly maintained the company has discovered no proof of an information breach.

However 10 days in the past, in line with cybersecurity web sites similar to Safety Week, ransomware group Rhysida took credit score for the cyberattack, claiming it had stolen 2.5 terabytes of recordsdata. Rhysida additionally mentioned it could dump the info for 30 bitcoin, or about $2.5 million, in line with the report. The Oregonian/OregonLive couldn’t independently affirm the report.

Wirtis declined to touch upon whether or not Rhysida had contacted the division.

“We now have not engaged in ‘ransom’ or fee discussions with the attacker, or with any entity claiming to have info stolen from DEQ on the market,” the company mentioned in a press release.

A number of high-profile assaults have been attributed to Rhysida ransomware lately, together with a 2023 assault on California-based well being care system Prospect Medical Holdings and a 2024 assault on the Port of Seattle.

An Oregon legislation says companies and different entities should observe a stringent protocol in being clear when information has been breached, together with well timed notification of residents whose information has been stolen.

Individuals affected by an information breach can discover it tough to get better damages in courtroom as a result of proving a hyperlink between id theft and monetary theft has proved difficult. An Oregon choose earlier this month threw out a lawsuit that sought to get better damages for as many as 3.5 million Oregonians whose driver license or ID card info was stolen in a large worldwide information breach in 2023.