Local Portland Cyberattacks: Why Your Business Needs Cybersecurity

by | Oct 13, 2025 | Security, Business

Scary Cyberattacks in Portland | from SpireTech

In this month of spooky nights and ghost tales, there is something that is even scarier to business owners: Portland cyberattacks. Unlike the message that a vengeful ghost will write on your bathroom mirror, a cyberattack can have long-lasting repercussions for the employees, business, and clients involved. One bad day could lead to the downfall of your business.  

Threat actors and hackers attack all types and sizes of businesses; small and medium-sized businesses are not safe. Here are a few cyberattacks that happened right here in Portland, Oregon.

Oregon Department of Environmental Quality Cyberattack and Ransom 

Oregon’s Department of Environmental Quality (DEQ) was attacked in April 2025 in a massive cyberattack. The hacking group responsible, Rhysida, reported that they were able to steal 1.3 million files and attempted to ransom that data to DEQ for $2.5 million in Bitcoin. Rhysida also sent a phishing email out to all DEQ employees that included a malicious link to “register” for food waste prevention week events. 

DEQ was forced to shut down all operations and networks while the DEQ’s IT team and Microsoft Cybersecurity worked to resolve the issue. It is unclear whether the stolen information pertained only to DEQ employees or included personal information of Oregon residents stored on DEQ servers, like the results of smog-testing for Oregon drivers.

Unfortunately, DEQ was unable to prevent Rhysida from releasing 2.4 terabytes worth of the stolen files onto the dark web; Rhysida cited the lack of response to its ransom demand. Not paying a ransom is generally agreed to be a better move than paying one: even after payment, there is no guarantee that the hackers won’t release the data regardless. Paying may even bankroll the hackers to do the same to others.

Even government agencies are susceptible to cyberattacks. This event serves as a crucial warning: rapid response plans and proactive system monitoring are vital for minimizing the fallout of potential future incidents. 

The Wreckage of the MOVEit Data Breach 

The Vulnerability 

SpireTech has mentioned zero-day vulnerabilities before. To be brief, they are vulnerabilities in a new update or new software that can be exploited before they are found and fixed by the developers. Hacker group Cl0p exploited an SQL zero-day vulnerability in MOVEit software to infect the target server with malware and steal information from MOVEit Transfer databases. This was a global attack that affected more than 2000 organizations and 66 million individuals.

Oregon Department of Transportation 

In 2023, the Oregon Department of Transportation was among the victims of the global hack of MOVEit, a widely used file transfer tool for sending and receiving data. Though ODOT responded immediately and secured their systems as quickly as they could, data records for Oregon driver’s licenses, permits, and ID cards were accessed.

In their press release to the public, ODOT says, “If you have an active Oregon driver’s license, permit, or ID card, you should assume your personal information was exposed.” Not many people know how to check whether their data has been compromised online, but doing so is a vital step after a data breach, even for someone who thinks they are exempt. In this instance, ODOT was also unable to monitor customer accounts for suspicious activity.

Oregon Medicaid 

In the same global MOVEit attack, 1.7 million Oregon Medicaid patients had their health information stolen. This breach did not hit Oregon’s medical system directly. It came instead through a claims processing contractor, Performance Health Technology (PH Tech), proving that businesses and organizations are only as strong as their chosen vendors and contractors.

PH Tech reported that the information stolen included names, dates of birth, Social Security numbers, mailing addresses, email addresses, and private health information like diagnoses and claims information. Though PH Tech took action as soon as they were aware of the attack, it was too late. The attack had already happened.  

Conclusion 

These incidents act as a reminder of just how vulnerable our digital lives are, and the need for trustworthy cybersecurity services has never been greater. From data breaches to ransomware attacks, businesses need to minimize their risk as much as possible. When a business invests in robust, dependable protection, it shields itself, its customers, and its employees, and it demonstrates that safety and trust are priorities. In a world where one incident can change everything, make sure your cybersecurity is a partner you can count on, because the stakes are too high to leave to chance.