The Oregon Secretary of State’s office has deleted all passwords for users of its business and elections databases after a breach of its website Feb. 4. Users are also asked to change their passwords to personal accounts if they used the same passwords for the Secretary of State’s Central Business Registry or ORESTAR, the state’s campaign finance reporting system. It’s unclear if the hackers accessed the passwords, but the agency is recommending that the passwords to personal accounts be changed as a precautionary measures, agency spokesman Tony Green said. “The investigation so far indicates that sensitive personal information was not compromised,” said an agency email sent Thursday night to database users.
The emails were sent to all 337,811 people who had ever created an account with one of the Secretary of State’s system, Green said. ORESTAR had 5,777 active users who had logged in within the past year, and the business registry had 58,780.
Agency officials also told legislative leaders this week that they plan to ask for more money.
“We don’t know the total cost of it yet, so we have not given them a number,” Green said. “Once we know what the amount of this is going to be, we’re going to ask the Legislature for some money.”
The agency has hired at least two outside firms in the wake of the website breach.