A week before the Oregon primary election, the secretary of state’s office is taking steps to protect the integrity of its online system where campaign finance records are posted after a web hosting provider was hit by a ransomware attack.
Secretary of State Shemia Fagan’s office said people entering records into the state’s ORESTAR campaign finance reporting system may have been affected and have been given detailed instructions on what to do.
“The Oregon secretary of state was not hacked,” reassured voters in Fagan’s office in a statement late Monday. “No sensitive data on our systems was exposed. No systems related to the administration of the elections were compromised.
On Tuesday, a tenth of registered voters had already voted for the May 17 primary election. Oregonians vote by mail or using official drop boxes.
The Oregon Electoral Division said it learned on Monday that Opus Interactive — a web hosting provider used by campaign finance firm C&E Systems — had fallen victim to a ransomware attack.
“C&E’s database has been compromised, which includes their customer login credentials for ORESTAR accounts,” Fagan’s statement said. The secretary of state’s office said it was requiring all 1,100 affected users to reset their passwords.
But Jef Green, owner of C&E Systems, gave a lower number of affected users, saying only about 300 customers are political committees involved in Oregon’s 2022 midterm elections.
“At least 500 of the committees no longer exist,” Green said. His company offers help with all aspects of campaign compliance and reporting, and said the ransomware attack is more of an annoyance than anything.
“It will not affect any of our clients with respect to reporting (on campaign spending and contributions). None of the applicants will be affected by this because although we don’t have access to our sophisticated database to make it easier for us, we can still do whatever needs to be done manually,” he said.
While national and local election candidates use ORESTAR, national election candidates like Congress use a different system.
Opus Interactive’s website was down Tuesday morning. A person who answered the phone to the company said they could not comment on the ransomware attack.
An online “status page” About the issue the Portland company said “Opus Interactive and certain virtual servers and client backups hosted by Opus were hit by a ransomware attack that encrypted files on the server disk.” He added that leading cybersecurity and digital forensics experts have been hired to help with the company’s response.
Fagan’s office said it works year-round with the U.S. Cyber and Infrastructure Security Agency, the Election Infrastructure Information Sharing and Analysis Center and the FBI to ensure the integrity of its systems.
As of Tuesday morning, 288,337 completed ballots were returned out of a total of just over 2.9 million registered voters, according to an unofficial count by the Secretary of State.