A piece of third-party software that hadn’t been updated might have been the vulnerable point invaded by hackers of the Oregon secretary of state’s website, a state report found. The February breach took election and business records offline for nearly three weeks, delaying disclosure of campaign-finance information and forcing staff to handle many functions by hand. Citing security concerns, officials wouldn’t name the suspect software but described it as an application development tool commonly used by governments and private-sector organizations. They say the software has now been patched, and they’re working to have future security updates installed automatically.
The report was sent to state lawmakers on Thursday. Secretary of State Kate Brown is asking the Legislature’s Emergency Board for approval to move money around to cover the $176,000 price tag for investigating and fixing the problem.
The secretary of state’s office has more than 1,300 types of software, said Tony Green, an agency spokesman. Many update automatically, but some require staff to download them manually.
“We are working toward a solution to remove the human element and provide for an automated method for providing patching updates,” Green said.