SALEM — Secretary of State Kate Brown has informed the Oregon Legislature that she’ll be asking for money to hire a security contractor to fix her website, which was taken offline after hackers broke in.
Brown’s office hired a contractor to review security upgrades and another to help manage an expected flood of phone calls from website users, said Tony Green, a spokesman for the secretary of state’s office. He said he didn’t immediately have information about the contractors.
Brown’s office has cut off access to the state’s business registry and campaign finance records since the hacking was discovered Feb. 4. Officials have said little about what information was compromised or when the website will work, but they insist personal information is safe. The hackers did not get access to the state’s central voter registration database, officials say.
Green declined again Friday to say when the website might return or whether the public can be assured of having access to campaign finance information before the primary in May or local elections next month. The office has suspended fines for businesses that are late in paying annual fees.
“We have been literally working overtime and every single day since we detected this to get it up and running,” Green said. “First thing we have to do is make sure we can get it up securely. I think the only thing that would be more frustrating than the current situation is if we put it up prematurely and then experienced additional problems.”
Rep. Peter Buckley, an Ashland Democrat who co-chairs the budget committee, said Brown told him that she’s hired a security contractor to fix the vulnerabilities and may need to hire one more. Buckley said he’s unsure how much money will be needed, but Brown has told him it would be relatively small.
“It’s not going to be a mind-blowing cost,” Buckley told The Associated Press.
The funding request probably won’t be ready for the full Legislature, which is in session for two more weeks, Buckley said, so it will likely go to the Emergency Board in May.
Officials have said the incident has been reported to law enforcement. An email to website users informed them that all passwords have been reset and they’ll have to pick a new one once the systems come back online. People who use the same password for other services were advised to change those access codes as well.
The agency said that bank account numbers for political committees are encrypted, but users were advised of steps they can take to monitor their credit and identity.
Green said one of the contractors was hired to deal with phone calls expected after that email went out. He didn’t immediately know how many calls had come in.