The Oregon Construction Contractors Board (CCB) has discovered a security breach involving 8,013 online contractor accounts, according to a report from the agency.
The report said unauthorized individuals gained access to some contractors’ usernames and related password information. The incident occurred between Oct. 27, 2018 and Oct. 29, 2018, and was discovered on April 12, 2019, during a routine audit conducted by the Enterprise Security Office on the agency’s information technology databases.
The audit found that personally identifying information in 466 of these accounts was accessible, and the CCB determined this constitutes a data breach for that subset of accounts.
Upon detection of the issue, the CCB reportedly took immediate steps to determine the scope of the problem and then to remediate it, including closing the pathways used by the unauthorized individuals to gain access to the contractor accounts. The CCB is also enhancing its password protection security and is requesting that each affected account holder reset their password.
The compromised information included the email, name, address, and password hash (the code that protects the password) of the affected individuals. Of those compromised accounts, 466 also included an ID number such as state ID or driver license. At this time, there is no evidence that the information has been misused, according to the CCB report.
In addition to asking that all affected account holders reset their passwords, the CCB is sending letters to all affected account holders. These letters advise account holders that CCB is offering identity theft protection and fully managed ID theft recovery services to each of them for one year. Information on how to access these free services is included in the letters being mailed.
The Construction Contractors Board said it is committed to protecting the privacy and security of its licensees, and its systems are frequently reviewed and audited.