Oregon 2021 Data Breach Passes Last Year’s Total

• January 2020: Hackers sent a malicious file via email to Gustafson & Company, LLC on January 21. Although Gustafson had firewalls and anti-malware programs in place, when a staff member clicked the message, a remote access trojan was activated. The hackers accessed encrypted client tax return files. 
• September 2020: SYUFY Enterprises noticed suspicious activity on the network on September 16. By the time a full investigation was launched, the hackers had already accessed and stolen important documents and other personal contact information.
• January 2021: Transtar Industries announced that there was unauthorized activity on their server on January 9. Hackers accessed private data belonging to 9,000 people. All affected individuals were notified and encouraged to sign up for credit monitoring.
• August 2021: On August 8, a ransomware attack on ReproSource Fertility Clinic’s network resulted in a massive data breach that involved 350,000 patients. Leaked personal information includes driver’s licenses, social security numbers, financial account numbers, test reports, and medical history reports.

How is the Government Preparing for Future Data Breaches?

As cyberattacks show no sign of stopping, the Government of Oregon is beefing up cybersecurity across the state through several legislative mandates. 

• Oregon’s Unlawful Trade Practices Act: There is already a law in Oregon that holds firms and organizations accountable for their online privacy policies. It stipulates that every customer must agree to a certain privacy policy before using any online tool or before downloading an app. 
• Oregon’s Student Information Act: Several platforms teach or provide educational materials online. However, many of these platforms collect and store information about their students. This privacy policy makes it unlawful for internet-based education platforms to compile and disclose student information for non-educational purposes.
• Oregon's Data Breach Notification Law: The law requires businesses to protect Oregonian’s data at all cost. It also mandates businesses to notify any resident of Oregon whose data has been compromised. The Department of Justice will penalize anyone who refuses to implement and use appropriate security measures or any business that refuses to notify customers when there is a data breach.
• Oregon Identity Theft Protection Act: This law mandates individuals to available cybersecurity measures when protecting personal data. The law also mandates the disposal of any personal information that is no longer needed.

How can you protect yourself from a data breach?

• Create a strong password: A strong password is longer than eight characters and includes a combination of letters, numbers, and special symbols. To create a strong password, do not recycle old passwords. Avoid using common words or phrases when creating your password.
• Enable multi-factor authentication: This added protection requires anyone accessing your account to supply specific personal information even after typing the password correctly. Enabling this authentication can further protect your data from hackers.
• Do not open links from unfamiliar addresses: Most ransomware attacks start with malicious links that were sent out as mails. If you receive mail that contains any link, verify the address before opening the link. If the address looks unfamiliar, delete the mail immediately.
• Monitor your credit report: Monitoring credit reports can help you spot identify thefts. It helps you keep track of what goes down in your account and also notifies you of any suspicious activity. The Consumer Financial Protection Bureau can help you get started with credit monitoring.