Oregon Department of Human Services officials say they are notifying about 645,000 clients whose personal information is at risk from a January data breach.
The Statesman-Journal reports state officials announced the notifications Tuesday and will start mailing them Wednesday.
People affected were enrolled in the department’s welfare and children services programs at the time of the breach. Officials said the compromised data includes personal health information, but it’s unknown if was viewed or inappropriately used.
The state is also providing 12 months of identity theft monitoring and recovery services, which includes a $1 million insurance reimbursement policy to impacted individuals.
The breach happened during an email “phishing” attempt that targeted the department Jan. 8. Nine employees opened the email and clicked on a link that gave the perpetrator access to their email accounts.
