Trojan horse captured data on 2,300 Oregon taxpayers

The Oregon Department of Revenue has been contacting some 2,300 taxpayers this week to notify them that their names, addresses or Social Security numbers may have been stolen by a Trojan horse program downloaded accidentally by a former worker who was surfing pornographic sites while at work in January.

Rosemary Hardin, a spokeswoman for the Oregon-based agency, said the malware was discovered on the worker's desktop computer on May 15, after the worker was fired for violating departmental policies that forbid inappropriate Web surfing at work. The Trojan horse was found after IT workers investigated performance problems with the computer. The worker is not being identified by the agency.

An investigation by agency security personnel and the Oregon State Police found that the malicious program was designed to capture keystrokes on the former employee's computer, Hardin said. The employee was an entry-level worker who was assigned to entering taxpayer name and address changes, as well as some Social Security numbers. "We know that the information that the Trojan gathered up was transmitted outside of the agency" to an unrelated Web site. The incident is still under investigation.

Officials at the Department of Revenue don't know whether any of the transmitted information was ever received, she said. None of the information included income tax or banking information for the affected taxpayers.

The Trojan horse was apparently included in a video download or some other similar file saved on the computer by the former employee. "This individual was surfing pornographic sites and other inappropriate sites," she said. The department uses Web blocking software, but the former worker was apparently able to access a porn site that had not yet been blocked by the software, she said.

Internet usage is monitored on a random basis for all 1,000 of the agency's employees, Hardin said, but workers at that time were allowed to conduct personal Web business, such as checking their banking or personal e-mail accounts, during lunch and other breaks. Since the incident, however, workers are no longer permitted to conduct any personal business on agency computers while at work. "We've changed our policy for now to prohibit personal use because we want to minimize the risk of this ever happening again."

The Trojan horse was of such a new variety that the agency's antivirus software, which is updated every two hours for security reasons, had not yet been updated to protect against it, Hardin said. The agency reported the malware's strain to the antivirus vendors, who then updated their software.

There have been no reports of identity theft connected to the incident so far, though about 200 people have called with questions, according to Hardin. "People seem to be understanding," she said. "Nobody has reported any kind of suspicious activity."

All 2,300 affected taxpayers have been offered help in guarding against identity theft. The agency is looking into providing a year's worth of free credit monitoring services for each of the taxpayers and will soon contact them about how to sign up for that program, Hardin said. The department also set up a Web page listing frequently asked questions about the Trojan horse to provide more information.

"This has been very difficult for us," Hardin said. "Protecting the confidential information of our taxpayers is at the core of what we do."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Todd Weiss

Computerworld
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?