OR: Payroll data on 550 DOC employees found on thumb drive in Madras

Posted on by Dissent

Dennis Thompson Jr. reports:

A thumb drive turned up in Madras containing confidential payroll information for nearly 550 Oregon Department of Corrections employees — a security breach that potentially affects as many as one in 10 DOC employees.

A member of the public who came into possession of the flash drive notified the agency on Jan. 27 about the security breach, DOC spokeswoman Jeanine Hohn said.

The thumb drive contained payroll reports from Warner Creek Correctional Facility in Lakeview, Deer Ridge Correctional Institution in Madras, and Shutter Creek Correctional Institution in North Bend.
The reports held personal information on just under 550 staff members, including names and pay stub data, Hohn said. The agency employs about 4,500 people statewide.

Read more on Statesman Journal.

In a statement posted on the agency’s web site today, the DOC explains:

[…]

Because the portable digital storage device was damaged prior to the department receiving it, we cannot know with complete certainty what was on it. Initial forensic findings indicate that at least two types of information may have been breached:

Staff members’ personal information, including SSNs* (Group 1)

  • Payroll reports from Warner Creek Correctional Facility (WCCF) from July 31, 2005 to Sept. 30, 2007, which included names, social security numbers and other payroll information similar to what’s found on a pay stub.
  • Payroll reports from Deer Ridge Correctional Institution (DRCI) from Aug. 31, 2006 to Sept. 30, 2007, which included names, social security numbers and other payroll information similar to what’s found on a pay stub

Staff members’ personal information, not including SSNs (Group 2)

  • Payroll reports from Warner Creek Correctional Facility, Deer Ridge Correctional Institution and Shutter Creek Correctional Institution (SCCI) from Oct. 1, 2007 to present, which included staff names and other payroll related information similar to what’s found on a pay stub. These reports did not include social security numbers.

The scope of the breach is just under 550 total staff members. DOC employs approximately 4,500 employees across the state of Oregon.

Additional information is available on the DOC site.

Category: Breach IncidentsGovernment SectorU.S.