Governor Kate Brown

Though Oregon Gov. Kate Brown says she was "assured that no personally identifying information was compromised," she says the breach caused "serious concerns about the integrity of state data."

(Michael Lloyd|The Oregonian)

SALEM -- Oregon officials said Thursday that they plan to restructure information technology functions after software found an external third-party had gained access to a state network.

Gov. Kate Brown said in a statement that someone gained access to so-called metadata last week at the Department of Administrative Services, which handles technology for much of state government.

The hackers weren't able to access to any personal identifying information, Brown said. But metadata, such as the sizes of data and the timestamps of messages, were compromised, said Kristen Grainger, Brown's spokeswoman. Metadata is data about data.

"Although I have been assured that no personally identifying information was compromised, this incident causes me to have serious concerns about the integrity of state data," Brown said.

Software detected an intrusion into the agency's network, which happened three days before it was detected, Grainger said.

The state's chief information officer, Alex Pettit, will now take charge of the agency's Enterprise Technology Services Division, who will work with the Legislature on how IT resources should be structured and funded, Brown said.

The state will also begin a process to find a management and organizational design expert to review IT standards, she said. The review will identify vulnerabilities and provide recommendations to fix them, Brown said.

This is not the first time a state agency has been hit. In October, tech experts received an anonymous tip that hackers had breached a database at the Oregon Employment Department.

The target in that hack was the WorkSource Oregon system that Oregonians use as they look for jobs at state unemployment offices. It stores personal information commonly used on job applications, such as names, addresses and Social Security numbers.

Hackers also targeted the Oregon secretary of state's office last February, while Brown was still secretary of state. A state report found a piece of third-party software that hadn't been updated might have been the vulnerable point invaded by hackers.

The security breach at the secretary of state's office took election and business records offline for nearly three weeks.

-- The Associated Press