In early April 2025, the Oregon Department of Environmental Quality (DEQ), responsible for overseeing the state’s air, land, and water quality, faced a significant cybersecurity incident. On April 9, the DEQ announced it was investigating a cyberattack that had compelled the agency to shut down its networks to contain the threat. This disruption affected critical services, including email communications, help desk operations, and vehicle inspection stations. The DEQ assured the public that its environmental data management system, hosted on a separate server, remained unaffected.
Despite the DEQ’s daily updates stating no evidence of a data breach, the Rhysida ransomware group claimed responsibility for the attack on April 14. The group alleged it had exfiltrated 2.5 terabytes of sensitive data, encompassing employee information. To substantiate their claim, Rhysida released a low-resolution screenshot purportedly showing the stolen data, though its authenticity is challenging to verify due to the image’s quality.
The ransomware group has threatened to auction the purported data if the DEQ does not comply with their ransom demands. They have set the starting price at 30 bitcoins, approximately $2.5 million. However, the likelihood of such a sum being paid for data from a state agency remains uncertain.
As of April 15, the DEQ’s latest update neither confirmed nor denied the occurrence of a data breach. The agency continues to work diligently to restore its services and assess the full impact of the cyberattack.
