In Short

Candidates, others have to reset passwords to Oregon campaign finance system after hack

By: - May 10, 2022 4:55 pm
Secretary of State glass door

Hundreds of candidates, treasurers and others have to reset their passwords to the Secretary of State’s online campaign finance database. (Salem Reporter)

About 1,100 people who use the Oregon Secretary of State’s online campaign finance tracking system have to reset their passwords following a ransomware attack against a web provider.

The office said the hack did not affect state election data.

“No sensitive data on our systems has been exposed,” the agency said in a release. “No systems related to elections administration have been compromised.”

Attackers hacked their way into Opus Interactive, a web provider, and obtained access to a C&E Systems database used by candidates, treasurers and others involved in elections. C&E handles campaign finance compliance for political campaigns. 

Its database, which the hackers encrypted, included login credentials to the Secretary of State’s ORESTAR system. ORESTAR contains information about candidates and their finances. Almost all of it is public, according to Ben Morris, a Secretary of State spokesman.

“They do not have the ability to see someone’s ORESTAR login credentials,” Morris said about the hackers. “But they’ve blocked the company from being able to access their own data,” Morris said. 

Those affected account for roughly 6% of the database users, the office said. The Secretary of State’s office is notifying those affected that they have to create new passwords.

The ORESTAR system is separate from other electoral databases, Morris said. 

“The password reset is a cautionary step to protect the users from having their information compromised,” Morris said. “All of the sensitive election-related systems are separate and secure.” 

They include voter registration and vote tallying systems.

Jef Green of C&E Systems also said that some candidate profiles were down for the day because of the hack. He said the data the company lost access to was the same that had been reported to the Secretary of State’s office.

We had to do some manual data entry into ORESTAR, but the client committees are not being affected,” Green wrote in an email.

The attack could come up during a press conference Wednesday with Secretary of State Shemia Fagan. She’s scheduled to give brief remarks on Oregon’s new postmark law, election integrity, voter turnout and basic voting information, her office said.

Her office learned about the hack on Monday evening, Morris said. But the attack took place Sunday evening, according to a notice on Opus Interactive’s status page. It includes dozens of chronological updates every few minutes that have remained unchanged: “Opus Interactive and certain Opus-hosted customer virtual servers and backups were hit by a ransomware attack which encrypted the server disk files. Industry-leading cybersecurity and digital forensics experts have been engaged to assist in our response to the incident.”

Hackers have encrypted data on scores of government and company websites and demanded millions of dollars in payment. 

Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site.

Lynne Terry
Lynne Terry

Lynne Terry has more than 30 years of journalism experience, including a recent stint as editor of The Lund Report, a highly regarded health news site. She reported on health and food safety in her 18 years at The Oregonian, was a senior producer at Oregon Public Broadcasting and Paris correspondent for National Public Radio for nine years.