SO
Company Details
Linkedin ID:
state-of-oregon
Website:
Employees number:
10,454
Number of followers:
44,817
NAICS:
92
Industry Type:
Homepage:
oregon.gov
IP Addresses:
0
Company ID:
STA_3243538
Scan Status:
In-progress
State of Oregon Company CyberSecurity Posture
oregon.gov
Official LinkedIn page for the state of Oregon. Oregon is a state in the Pacific Northwest region of the United States. It is located on the Pacific coast, with Washington to the north, California to the south, Nevada on the southeast and Idaho to the east. The Columbia and Snake rivers delineate much of Oregon's northern and eastern boundaries, respectively. The area was inhabited by many indigenous tribes before the arrival of traders, explorers, and settlers who formed an autonomous government in Oregon Country in 1843. The Oregon Territory was created in 1848, and Oregon became the 33rd state on February 14, 1859.
State of Oregon A.I CyberSecurity Scoring
SO Risk Score (AI oriented)Between 750 and 799
SO
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SO Global Score (TPRM)XXXX
SO
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SO Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Oregon Department of Transportation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Millions of drivers and car owners had their personal information taken as a result of the MOVEit breach, including the departments of motor vehicles in Louisiana and Oregon. The company was hacked, exposing information from an estimated 3.5 million identity cards and driver's licences. Given that many people's personal information was exposed to potential unscrupulous actors, the Oregon DMV data breach could be risky for them. As of right now, there is no evidence that the MOVEit hacker group sold, exchanged, or publicly publicised the OMV information they stole.
Oregon Department of Transportation
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The MOVEit Transfer file transfer platform, created by Progress Software Corporation, was the subject of a recent, major hacking effort by the Cl0p ransomware group, according to alarming information disclosed by cybersecurity firm Emsisoft. The analysts estimate that 60,144,069 people and about 1,000 organisations were affected by the attacks. The Cl0p group's leak site, state breach reports, SEC filings, and other public disclosures are the sources of the data. The attacks affected tens of millions of people, according to the experts. Maximus, Pôle emploi, Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America, Genworth, PH Tech, and Milliman Solutions are the organisations with the greatest number of affected persons.
SO Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SO
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for State of Oregon in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for State of Oregon in 2025.
Incident Types SO vs Government Administration Industry Avg (This Year)
No incidents recorded for State of Oregon in 2025.
Incident History — SO (X = Date, Y = Severity)
SO cyber incidents detection timeline including parent company and subsidiaries
SO Company Subsidiaries
Official LinkedIn page for the state of Oregon. Oregon is a state in the Pacific Northwest region of the United States. It is located on the Pacific coast, with Washington to the north, California to the south, Nevada on the southeast and Idaho to the east. The Columbia and Snake rivers delineate much of Oregon's northern and eastern boundaries, respectively. The area was inhabited by many indigenous tribes before the arrival of traders, explorers, and settlers who formed an autonomous government in Oregon Country in 1843. The Oregon Territory was created in 1848, and Oregon became the 33rd state on February 14, 1859.
Loading...
SO Similar Companies
Ministry of Environment and Urbanism
MINISTRY of ENVIRONMENT and URBANISM (MEU) MAIN SERVICE UNITS ================== 1) General Directorate of Construction Works 2) General Directorate of Spatial Planning 3) General Directorate of Environmental Management 4) General Directorate of EIA, Permits and Control 5) General Directo
Rijksoverheid
Op vrijwel alle werkterreinen en functieniveaus biedt de Rijksoverheid leuke en boeiende banen. Vacatures zijn bovendien in heel Nederland te vinden. Waar voor jou precies de mogelijkheden liggen hangt onder andere samen met je vooropleiding. Zowel met een mbo- of hbo-diploma als met een universitai
FDA
The Food and Drug Administration is an agency within the Department of Health and Human Services. The FDA is responsible for protecting the public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices; and by ensuring the safet
UK Home Office
At the Home Office, we help to ensure that the country is safe and secure. We’ve been looking after UK citizens since 1782. We are responsible for: - working on the problems caused by illegal drug use - shaping the alcohol strategy, policy and licensing conditions - keeping the United Kingdom safe
Secretaría de Educación Pública
MISIÓN/PROPÓSITO: La SEP tiene como propósito esencial crear condiciones que permitan asegurar el acceso de todas las mexicanas y mexicanos a una educación de calidad, en el nivel y modalidad que la requieran y en el lugar donde la demanden. VISIÓN: En el año 2025, México cuenta con un sistema
Department of Health (Philippines)
The Philippine Department of Health (abbreviated as DOH; Filipino: Kagawaran ng Kalusugan) is the executive department of the Philippine government responsible for ensuring access to basic public health services by all Filipinos through the provision of quality health care and the regulation of all
US Government Accountability Office
For more information about GAO, please visit www.gao.gov. General Information The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," GAO investigates how the federal government spends taxpayer dolla
IBGE
The Brazilian Institute of Geography and Statistics or IBGE (Portuguese: Instituto Brasileiro de Geografia e Estatística), is the agency responsible for statistical, geographic, cartographic, geodetic and environmental information in Brazil. The IBGE performs a national census every ten years, and t
Københavns Kommune
Københavns Kommune er Danmarks største arbejdsplads med ca. 45.000 medarbejdere. Vi udvikler hovedstaden og servicerer over 500.000 københavnere. Vores mål er at fastholde og udvikle København som en af verdens bedste byer at bo i – og skabe øget vækst gennem viden, innovation og beskæftigelse. Fi
.png)
SO CyberSecurity News
November 19, 2025 08:00 AM
A dangerous tipping point? Anthropic’s AI hacking claims divide experts
Startup's announcement of world's first AI-led hacking campaign prompts both alarm and scepticism among experts.
October 20, 2025 07:00 AM
Cybersecurity Awareness Month Focus Areas for State and Local Government
State and local agencies nationwide are marking Cybersecurity Awareness Month. Oregon and Colorado are leaning into the National...
October 07, 2025 07:00 AM
US Data Privacy Guide
In 2019, the US data privacy framework changed significantly with the emergence of the California Consumer Privacy Act which created a...
October 01, 2025 07:00 AM
Oregon promotes Core 4 practices for online safety during Cybersecurity Awareness Month
Enterprise Information Services (EIS) and the state of Oregon this week announced their participation in Cybersecurity Awareness Month this...
September 29, 2025 07:00 AM
These 2 states are spearheading K12 cybersecurity legislation
As cybersecurity threats ramp up in complexity and frequency, these five states are addressing these challenges through targeted legislation...
September 05, 2025 07:00 AM
University of Oregon Investigates Student Who Found Cybersecurity Flaws
After a physics student reported being able to access confidential information, the university accused him of violating policies on...
September 03, 2025 07:00 AM
New report highlights five states stepping up K-12 cyber
Arkansas, Massachusetts, Oregon, Pennsylvania and Texas are introducing and passing legislation that other states could learn from,...
August 26, 2025 07:00 AM
MS-ISAC Report Notes Protective State Cybersecurity Models
Case studies in the Multi-State Information Sharing and Analysis Center's latest report show how states are extending cyber protections...
August 21, 2025 07:00 AM
College of Information Sciences and Technology welcomes 11 new faculty members
The Penn State College of Information Sciences and Technology welcomed 11 new faculty members in July. They represent the college's three...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SO CyberSecurity History Information
Official Website of State of Oregon
The official website of State of Oregon is http://www.oregon.gov/.
State of Oregon’s AI-Generated Cybersecurity Score
According to Rankiteo, State of Oregon’s AI-generated cybersecurity score is 776, reflecting their Fair security posture.
How many security badges does State of Oregon’ have ?
According to Rankiteo, State of Oregon currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does State of Oregon have SOC 2 Type 1 certification ?
According to Rankiteo, State of Oregon is not certified under SOC 2 Type 1.
Does State of Oregon have SOC 2 Type 2 certification ?
According to Rankiteo, State of Oregon does not hold a SOC 2 Type 2 certification.
Does State of Oregon comply with GDPR ?
According to Rankiteo, State of Oregon is not listed as GDPR compliant.
Does State of Oregon have PCI DSS certification ?
According to Rankiteo, State of Oregon does not currently maintain PCI DSS compliance.
Does State of Oregon comply with HIPAA ?
According to Rankiteo, State of Oregon is not compliant with HIPAA regulations.
Does State of Oregon have ISO 27001 certification ?
According to Rankiteo,State of Oregon is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of State of Oregon
State of Oregon operates primarily in the Government Administration industry.
Number of Employees at State of Oregon
State of Oregon employs approximately 10,454 people worldwide.
Subsidiaries Owned by State of Oregon
State of Oregon presently has no subsidiaries across any sectors.
State of Oregon’s LinkedIn Followers
State of Oregon’s official LinkedIn profile has approximately 44,817 followers.
NAICS Classification of State of Oregon
State of Oregon is classified under the NAICS code 92, which corresponds to Public Administration.
State of Oregon’s Presence on Crunchbase
Yes, State of Oregon has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/oregon-department-of-environmental-quality.
State of Oregon’s Presence on LinkedIn
Yes, State of Oregon maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/state-of-oregon.
Cybersecurity Incidents Involving State of Oregon
As of December 19, 2025, Rankiteo reports that State of Oregon has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
State of Oregon has an estimated 11,745 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at State of Oregon ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.
Incident Details
Can you provide details on each incident ?
Title: MOVEit Data Breach
Description: Millions of drivers and car owners had their personal information taken as a result of the MOVEit breach, including the departments of motor vehicles in Louisiana and Oregon. The company was hacked, exposing information from an estimated 3.5 million identity cards and driver's licences. Given that many people's personal information was exposed to potential unscrupulous actors, the Oregon DMV data breach could be risky for them. As of right now, there is no evidence that the MOVEit hacker group sold, exchanged, or publicly publicised the OMV information they stole.
Type: Data Breach
Threat Actor: MOVEit hacker group
Title: MOVEit Transfer Platform Hack by Cl0p Ransomware Group
Description: The MOVEit Transfer file transfer platform, created by Progress Software Corporation, was the subject of a recent, major hacking effort by the Cl0p ransomware group.
Type: Ransomware
Threat Actor: Cl0p ransomware group
Motivation: Data exfiltration and ransom
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ORE61425623
Data Compromised: Personal information, Identity cards, Driver's licences
Identity Theft Risk: High
Incident : Ransomware ORE45181223
Data Compromised: 60,144,069 people
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Identity Cards, Driver'S Licences and .
Which entities were affected by each incident ?
Incident : Data Breach ORE61425623
Entity Name: Department of Motor Vehicles, Louisiana
Entity Type: Government
Industry: Public Sector
Location: Louisiana
Incident : Data Breach ORE61425623
Entity Name: Department of Motor Vehicles, Oregon
Entity Type: Government
Industry: Public Sector
Location: Oregon
Incident : Ransomware ORE45181223
Entity Name: Progress Software Corporation
Entity Type: Corporation
Industry: Software
Customers Affected: 60,144,069 people and about 1,000 organisations
Incident : Ransomware ORE45181223
Entity Name: Louisiana Office of Motor Vehicles
Entity Type: Government
Incident : Ransomware ORE45181223
Entity Name: Colorado Department of Health Care Policy and Financing
Entity Type: Government
Incident : Ransomware ORE45181223
Entity Name: Oregon Department of Transportation
Entity Type: Government
Incident : Ransomware ORE45181223
Entity Name: Teachers Insurance and Annuity Association of America
Entity Type: Organization
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ORE61425623
Type of Data Compromised: Personal information, Identity cards, Driver's licences
Number of Records Exposed: 3.5 million
Sensitivity of Data: High
Incident : Ransomware ORE45181223
Number of Records Exposed: 60,144,069
Ransomware Information
Was ransomware involved in any of the incidents ?
References
Where can I find more information about each incident ?
Incident : Ransomware ORE45181223
Source: Emsisoft
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Emsisoft.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an MOVEit hacker group and Cl0p ransomware group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were personal information, identity cards, driver's licences, , 60,144 and069 people.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were 60,144,069 people, personal information, driver's licences and identity cards.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 63.6M.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Emsisoft.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
Risk Information
cvss3
Base: 4.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Description
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability a function handler in the Vega AST evaluator.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=state-of-oregon' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
