Electronic files containing personal data of up to 2,200 Oregon taxpayers may have been compromised by an ex-employee's unauthorized use of a computer, the Oregon Department of Revenue said Tuesday.
Amy McLaughlin, an information technology security officer with the state, said the incident apparently occurred when an employee downloaded a contaminated file from a porn site. The "trojan" attached to the file may have sent taxpayer information back to the source when the computer was turned on.
"We're not 100 percent certain they were received by anyone," said department spokeswoman Rosemary Hardin.
Hardin said the released data likely involved names or addresses or Social Security numbers, or possibly in some cases all three. It's unclear if it was damaging but said some of the data may have gotten back to the porn site.
Ed O'Meara, head of the department's information processing division, said about 1,600 files had been identified so far and that the total likely will not surpass 2,200. He said 1,300 letters were sent out to the affected taxpayers as of Monday night and the rest are being contacted as they are identified.
He said there was no pattern to the people whose data may have been released.
"A lot of it is of no value to anyone," he said. "In some cases we struggled to identify who the person was."
McLaughlin said the department determined on May 15 that the computer was being improperly used and on May 23 that some data may have been captured and sent out.
[an error occurred while processing this directive]