Exploit: Supply Chain Risk
The Oregon Elections Division: Regional Government Agency
Risk to Business: 2.702 = Moderate
The Oregon Elections Division has announced that it has informed an estimated 1,100 people that their information may have been exposed in a data breach after the online system where campaign finance records are published was hit by a ransomware attack at its web hosting provider. The Oregon Elections Division said it was informed by C&E systems, a campaign finance firm that its web hosting provider Opus Interactive was the victim of a ransomware attack. Through that incident, C&E’s database was compromised, which includes their client’s log-in credentials for ORESTAR accounts. C7E disputes the number of affected accounts, placing it closer to 300. This attack has no impact on the voting or elections process outside campaign finance.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
Source: Security Week