Cyber Incident Victim: Oregon Construction Contractors Board

The Oregon Construction Contractors Board (CCB) discovered a security breach during a routine audit conducted by its Enterprise Security Office on April 12, 2019. The audit targeted the agency’s information technology databases and revealed unauthorized access to 8,013 online contractor accounts. Investigators determined the breach occurred over a three-day period between October 27 and October 29, 2018, nearly six months prior to detection. Unauthorized individuals compromised contractor usernames and associated password information through this intrusion. The CCB publicly disclosed the incident on May 17, 2019, following internal verification of the breach details. No evidence suggested broader system compromise beyond the specified contractor credential database. The delayed discovery timeline indicated the breach remained undetected for approximately five and a half months prior to the routine audit findings.

The compromised credentials exposed contractors to potential account misuse and secondary attacks leveraging reused passwords. The CCB did not specify whether encrypted or plaintext passwords were accessed in its public reporting. No financial data or personally identifiable information beyond account credentials was confirmed as compromised in the breach disclosure. The agency’s announcement provided no details regarding containment measures, forensic methodologies, or post-breach remediation efforts beyond confirming the audit’s role in detection. Impacted contractors received notifications following the May 2019 public disclosure, though the CCB did not elaborate on notification timelines or identity protection offerings. The incident marked one of the first major cybersecurity events publicly reported by a Oregon state licensing agency during that operational period.