Oregon agency won’t say if hackers stole data in cyberattack

Oregon’s environmental agency won’t say if a group of hackers stole data in a cyberattack that was first announced earlier this month.

The Oregon Department of Environmental Quality on Friday declined to confirm or deny reports that ransomware group Rhysida was behind the cyberattack and stole department data, including sensitive employee information, The Oregonian/OregonLive reported.

The department said in a news release Friday that the claims referenced in recent media coverage were part of its investigation.

Department spokesperson Lauren Wirtis declined to comment on whether Rhysida had contacted the department or asked for a ransom, The Oregonian/OregonLive reported.

The department said it had not “engaged” in ransom discussions “with any entity claiming to have information stolen from DEQ for sale.” It added that it would provide more details when it has verified information.

The department, which regulates air, water and land quality, first announced the cyberattack roughly two weeks ago. Services, including vehicle smog inspections and agency emails, were interrupted.

Most servers are back online and hundreds of staff are now working on laptops, Wirtis said in an email Friday. The department had said last week that most employees didn’t have laptops and were working from their phones.

Potentially impacted servers and all employee computers have to be rebuilt in order to ensure no infected files remain, the department said.

Multiple cyberattacks have been attributed to Rhysida in recent years, including ones last year targeting the operator of Seattle-Tacoma International Airport and Ohio’s capital city of Columbus.

© 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.