4_800x533_L_1412522645.jpg)
By Courtney Sherwood
PORTLAND Ore. (Reuters) - Hackers gained access to social security numbers and other sensitive information from up to around 850,000 Oregon job-seekers in a massive breach that began some time before Oct. 6, the state's employment department said on Tuesday.
The security flaw that led to the breach was quickly patched without disrupting online services. But individual employment files, which can include social security numbers and other identifying information, had already been accessed, Employment Department spokeswoman Andrea Fogue said.
The intrusion follows a spate of computer security breaches that have hit U.S. companies.
Sears Holdings Corp said on Friday it was the victim of a cyber attack that likely resulted in the theft of some customer payment card data at its Kmart stores.
Restaurant chain Dairy Queen also confirmed that it may have compromised payment card information of customers across 46 U.S. states.
Other widespread breaches include those of Home Depot Inc, Michaels Stores Inc and Neiman Marcus, and a massive breach of the systems of Target Corp in late 2013.
In the Oregon breach, hackers broke into a state database used by thousands of job seekers, including those filing for unemployment benefits, but did not gain direct access to the state's separate database for unemployment data, Fogue said.
It was not immediately clear how many social security numbers were attached to the 850,000 individual records in the database, nor was it clear what data was extracted by the hackers, she said.
Fogue added that as far as she knew the data had not been used by the hackers.
The agency has not determined exactly when the data breach took place, or if the database was hacked multiple times, she said.
Those affected by the breach will receive notification by mail and will be offered third-party identity theft protection at employment department expense, she said.
(Reporting by Courtney Sherwood in Portland, Oregon; Editing by Eric M. Johnson and Eric Walsh)