851,322 individuals who used Oregon Employment Department’s WorkSource Oregon Management Information System (WOMIS) will soon be receiving notices that they information might have been compromised due to a recently discovered vulnerability.
The Oregon Employment Department received an anonymous tip about the existence of the vulnerability and, according to Ken Westin, they reacted by taking down the system on Monday in order to patch it.
The system is now back online, and has been “reinforced.” In the meantime, the Department, along with law enforcement officials, has mounted an investigation to see if the vulnerability has been taken advantage of to harvest user data.
Registering with and using WOMIS means users shared personal information typically put in job applications, such as names, address, social security numbers, and so on.
According to FOX 12, the investigation revealed that of the 1.9 million people who registered, a little over 850,000 might have been affected.
There is still not concrete word on whether the data was actually compromised and there is no evidence any of it has been misused, but the Department decided to preemptively offer identity theft protection to the potentially affected jobseekers.
They will also be asked to reset the passwords and re-select security questions on their accounts.