Cyber Incident Victim: Opus Interactive

In early May 2022, Opus Interactive—a web hosting provider servicing C&E Systems, a firm supporting Oregon’s campaign finance reporting—experienced a ransomware attack. The Oregon Secretary of State’s Elections Division became aware of the incident on Monday, May 9, 2022, one week before the state’s primary election. Attackers encrypted server files at Opus Interactive, disrupting its operations and forcing its website offline. The breach compromised financial records and client credentials stored by C&E Systems, which utilized Opus Interactive’s infrastructure to support its services. This exposure necessitated immediate password resets for approximately 1,100 ORESTAR system users, Oregon’s online platform for state and local campaign finance reporting. Secretary of State Shemia Fagan’s office issued public assurances that no internal state systems, including election administration infrastructure or sensitive voter data, were breached.

C&E Systems’ owner, Jef Green, clarified that only around 300 active political committees for the 2022 midterms were directly affected, though reporting workflows faced temporary disruptions. Manual processes were activated to ensure compliance with disclosure deadlines despite the attack. Federal campaign systems remained unaffected, as they operate independently of Oregon’s ORESTAR platform. Opus Interactive engaged cybersecurity experts to remediate the ransomware encryption and restore services, while the Secretary of State’s office coordinated with cybersecurity agencies to monitor potential threats to election-related systems. As of May 10, 288,337 ballots had been returned statewide, with officials emphasizing uninterrupted election operations despite the incident. The attack underscored dependencies on third-party vendors in election-adjacent systems but did not impede voting infrastructure or ballot counting.