Oregon DEQ wont say if ransomware group took employee data in cyberattack
3 minute readPublished: Friday, April 25, 2025 at 11:07 pm
Oregon DEQ Silent on Potential Employee Data Breach After Cyberattack
The Oregon Department of Environmental Quality (DEQ) is staying tight-lipped about a recent cyberattack, refusing to confirm or deny reports that a ransomware group stole employee data. The agency is currently investigating the incident, which occurred on April 9th and significantly disrupted operations, including shutting down vehicle emissions inspection stations.
While the DEQ initially reported it was investigating a cyberattack, the agency has not confirmed if any data was stolen. However, cybersecurity websites have pointed the finger at the notorious ransomware group Rhysida, alleging they were behind the attack. These reports claim Rhysida stole 2.5 terabytes of files, including sensitive employee information, and is attempting to sell the data for a hefty ransom of 30 bitcoin (approximately $2.5 million).
The DEQ spokesperson, Lauren Wirtis, stated the agency is aware of these claims but is still investigating. The agency has repeatedly stated they have found no evidence of a data breach. The attack caused significant disruption, forcing employees to work remotely and requiring the rebuilding of laptops. While emissions stations have since reopened and most servers are back online, the potential for a data breach raises serious concerns.
Rhysida has been linked to other high-profile attacks, including incidents at a California healthcare system and the Port of Seattle. Oregon law mandates transparency and timely notification to residents if their data has been compromised. The DEQ's silence on the matter leaves many questions unanswered and highlights the growing threat of cyberattacks on government agencies.
Keywords: Oregon DEQ, cyberattack, ransomware, Rhysida, data breach, employee data, vehicle emissions, cybersecurity, data theft, Oregon, Lauren Wirtis, data security, ransomware group, data compromise, sensitive information, data investigation