Oregon's environmental agency refuses to confirm data theft during cyberattack

In Oregon, the Department of Environmental Quality (DEQ) faced a cyberattack approximately two weeks prior to April 26, 2025. The agency has been tight-lipped about whether sensitive data, including employee information, was compromised during this incident. Reports suggest that a ransomware group known as Rhysida may have been involved, but the department has neither confirmed nor denied these claims. They acknowledged that the matter is currently under investigation and are refraining from disclosing any specifics regarding ransom negotiations or communication with the alleged attackers. The cyberattack led to disruptions in various services offered by the agency, including vehicle smog inspections and normal communication through agency emails. A spokesperson, Lauren Wirtis, noted that while many servers have been restored and employees are now using laptops for work, initial operations were hampered as most employees managed operations via their phones due to a lack of accessible laptops. This situation raised concerns about operational efficiency as the department, tasked with regulating significant environmental factors, struggled to recover from the attack. The DEQ has announced that they will take measures to ensure that all potentially compromised servers and employees' computers are thoroughly rebuilt to eliminate any remnants of malware or infected files. This process is part of their effort to restore services fully and secure sensitive information, which is a growing concern in an era where cyber threats increasingly target governmental agencies and sensitive data. As of now, the department maintains a position of caution as they investigate the attack, emphasizing the need to verify information before making public statements. They have committed to releasing updates as more facts about the incident come to light, which is crucial for maintaining public trust and ensuring transparency during such cyber events.