A week before Oregon's primary election, the Oregon Elections Division said a web hosting provider used by the firm that handles ORESTAR, the state campaign finance reporting system, was hit by a ransomware attack.
Secretary of State Shemia Fagan’s office said that people inputting records into ORESTAR may have been affected, and have been sent detailed instructions on what actions to take.
Fagan’s office said in a statement Monday, "The Oregon Secretary of State has not been hacked. No sensitive data on our systems has been exposed. No systems related to elections administration have been compromised."
According to the Oregon Elections Division, the agency learned Monday that Opus Interactive, a web hosting provider used by the campaign finance firm C&E Systems, was the victim of the ransomware attack.
Opus Interactive's website was down Tuesday morning, and an online status page about the problem stated, "Opus Interactive and certain Opus-hosted customer virtual servers and backups were hit by a ransomware attack which encrypted the server disk files," adding that cybersecurity and digital forensics experts were assisting in the company's response.
Fagan's statement explained, "C&E’s database was compromised, which includes their client’s log-in credentials for ORESTAR accounts."
As a result, the Secretary of State’s office said it is requiring all 1,100 affected users to reset their passwords.
Owner of C&E Systems, Jeff Green disputed the number and said that only about 300 affected clients were political committees involved in the 2022 midterm elections in Oregon. He told KGW8, "At least 500 of the committees don't exist anymore."
Green added, "This isn’t going to affect any of our clients as far as the reporting (of campaign spending and contributions). None of the candidates are going to be affected by this because, even though we don’t have access to our fancy database to make it easy for us, we can still do everything that needs to be done manually."
ORESTAR is used by candidates for state and local elections, while candidates for national office use a different system.
Fagan's office also said that it works with the FBI, US Cybersecurity and Infrastructure Security Agency and the Elections Infrastructure Information Sharing and Analysis Center year-round to ensure the integrity of its systems.
According to KGW8, one-tenth of registered voters had already cast their ballots for the May 17 primary election as of Tuesday morning, by mail or using drop-off boxes. According to unofficial ballot counts from the Secretary of State, 288,337 completed ballots have been returned out of a total of just over 2.9 million registered voters.