The compromise of a web-hosting provider used by a well-known campaign finance compliance firm prompted the state elections office to require all users of its finance reporting system to reset their passwords.
The Oregon Elections Division, part of the Secretary of State’s office, said Monday it learned Opus Interactive, which hosts websites for campaign finance outfit C&E Systems, was a victim of a ransomware attack.
Although C&E Systems’ database, including log-in credentials for its clients’ accounts on Oregon’s campaign reporting platform, ORESTAR, were compromised, the secretary of state’s office said its own systems were not.
“No sensitive data on our systems has been exposed,” Secretary of State Shemia Fagan said in a Monday press release. “No systems related to elections administration have been compromised.”
Nonetheless, the elections division is working “proactively” to protect the integrity of its systems, a secretary of state’s office official said, and will require all ORESTAR users to reset their passwords. The 1,100 users will receive a notification with detailed instructions on how to proceed, the press release said.
“None of our systems have been compromised,” Chris Molin, Oregon Secretary of State Information Systems Division director, said. “Out of an abundance of caution, we are taking steps to protect isolated users impacted by the attack, and communicating proactively about the issue to prevent confusion.”
“The Oregon Secretary of State takes cybersecurity extremely seriously,” the press release reads, noting the office works year-round with federal cybersecurity agencies to probe and harden its systems.
Little information is available regarding the nature and extent of the ransomware attack.
“Opus Interactive and certain Opus-hosted customer virtual servers and backups were hit by a ransomware attack, which encrypted the server disk files,” a 6 a.m. Tuesday post to the company’s website reads. “Industry-leading cybersecurity and digital forensics experts have been engaged to assist in our response to the incident. Our team is continuing to work towards resolution. No further information at this time.”