Embedded Files
(MAY 1, 2025) A group of hackers has released over 1.3 million files stolen from the Oregon Department of Environmental Quality (DEQ) after a cyberattack earlier this month. The files contained about 2.4 terabytes of data. They were posted on the dark web by a ransomware group called Rhysida.
It is still not clear if the stolen files include private information about Oregon residents, such as vehicle registration data, or only sensitive information about DEQ employees. DEQ spokesperson Lauren Wirtis said, "DEQ is aware of these claims. They are still under investigation."
DEQ first reported a possible cyberattack on April 9, 2025. Most services were shut down, including vehicle emissions testing needed for driver registration in Portland and Medford. During the outage, employees had to work from their phones because they did not have access to their laptops or internal files. Emissions testing at DEQ sites restarted on April 14, but many business testing sites are still not fully operating.
Hackers from Rhysida originally tried to sell the stolen files for 30 Bitcoin (around $2.5 million). They posted a message saying, “We tried to contact them, but they chose to ignore us. And now their files have been released.” Part of the stolen data was auctioned off. The rest is now free to download on the dark web.
Rhysida has attacked many other organizations in the past, including the British Library, the Port of Seattle, and medical centers.
Although DEQ said for weeks that there was no evidence of a data breach, cybersecurity websites reported that Rhysida claimed responsibility 10 days ago. The DEQ’s new online portal, called DEQ Online, was not affected.
Oregon’s Enterprise Information Services is now investigating the attack. DEQ said it has not made any ransom payments and does not know when the investigation will be finished.
Under Oregon law, if personal data has been stolen, businesses must quickly notify the people affected.
Sources:
Ehrlich, April. “Hackers Release Millions of Files after Oregon DEQ Cyberattack.” Opb, OPB, 26 Apr. 2025, www.opb.org/article/2025/04/25/oregon-department-of-environmental-quality-deq-cyberattack-hacking-vehicle-registration-data/. Accessed 28 Apr. 2025.
The. “Oregon DEQ Won’t Say If Ransomware Group Took Employee Data in Cyberattack.” Oregonlive, 25 Apr. 2025, www.oregonlive.com/news/2025/04/oregon-deq-wont-say-if-ransomware-group-took-employee-data-in-cyberattack.html. Accessed 28 Apr. 2025.
Photo by Towfiqu barbhuiya: https://www.pexels.com/photo/a-person-typing-on-laptop-while-wearing-a-fingerless-gloves-8541751/
Ehrlich, April. “Hackers Release Millions of Files after Oregon DEQ Cyberattack.” Opb, OPB, 26 Apr. 2025, www.opb.org/article/2025/04/25/oregon-department-of-environmental-quality-deq-cyberattack-hacking-vehicle-registration-data/. Accessed 28 Apr. 2025.
The. “Oregon DEQ Won’t Say If Ransomware Group Took Employee Data in Cyberattack.” Oregonlive, 25 Apr. 2025, www.oregonlive.com/news/2025/04/oregon-deq-wont-say-if-ransomware-group-took-employee-data-in-cyberattack.html. Accessed 28 Apr. 2025.
Photo by Towfiqu barbhuiya: https://www.pexels.com/photo/a-person-typing-on-laptop-while-wearing-a-fingerless-gloves-8541751/
Report abuse