The compromise occurred up when a state employee visited pornographic websites and downloaded a suspect file containing a information-harvesting trojan. This system operated within the state Department of Revenue’s network, giving the trojan access to taxpayer personal data, including names, addresses and Social Security numbers.
According to Oregon’s information technology department, the compromise was discovered on May 23. The employee was fired immediately and Oregon took steps to inform effected citizens by mailing 1,300 letters this week.
“I want the citizens of Oregon to know that we are taking every possible action to ensure that the people affected by this breech receive immediate notification, and that the state of Oregon will do everything possible to guard against any further compromise of their personal information,” said Gov. Ted Kulongoski. “I will direct the Department of Revenue to help affected taxpayers by providing credit-monitoring and other services to protect them from damage by this virus.”