Update on Secretary of State Online Systems

On Feb. 4, we detected and stopped an intrusion into the agency’s website. As a precaution, we have temporarily taken down our online systems. At this time, we are monitoring both security and performance very carefully.

To keep you informed, we are publishing answers to the most frequently asked questions. They are organized into three groups:

About Online Services and Accounts:

When will ORESTAR, CBR, Business Search and other applications be back up? 

As quickly as possible. Secretary of State staff is working long hours to bring these services back online. Our primary focus is to make sure this intrusion can't be repeated.

How will I know when ORESTAR is back online?

We will email all ORESTAR subscribers when it is fully restored with updated information on filing. You can also sign up to be notified.

Is my username and password information safe?

As a security measure, we have deleted all password information for our online services. That means you will be required to create a new password the next time you use one of our applications, such as ORESTAR or Central Business Registry (CBR). 

If you use the same password for other personal accounts, we recommend that you change the password for them as well.

Is there a risk for an exposed bank account number?

ORESTAR stores encrypted bank account numbers associated with political action committees. If you are an ORESTAR subscriber, you should consult with your bank about security measures.

How many people are involved?

Every registered user of CBR and ORESTAR was potentially affected.

Has the information been misused?

At this time, there is no evidence that there has been any use or attempted use of the information exposed in this incident.

What are the risks of identity theft with the information that was exposed?

We sent letters to those who have accounts on our online applications and are affected by this breach. Receiving a letter explaining that your information has been compromised in a breach or data loss does not automatically mean that you are a victim of identity theft.

The best course of action is to follow the recommendations provided to you when you were notified that your information has been compromised. These recommendations will provide you additional protection. 

Options for Customer Service:

I need to file a business form, pay a fee, get a certified copy…

Our business customers can request look-ups by phone or email, and submit filing and registration forms by fax, mail or in-person. Our customer support staff is here to help by phone at 503-986-2200, or contact us by email.

How can I look up a business name or registration?

To search on active business names, please use the alternate business name search we have provided. If you don't find the business name you are looking for, please submit your request by email or phone us at 503-986-2200. We can provide information on both active and inactive business names.

How can I register or renew my business?

Forms are available on our website to mail or fax. Please phone us at 503-986-2200 or contact us by email if you need an annual report form for business renewal.

How can I renew a notary commission?

The notary application is available on our website to mail or fax.

How can I look up a UCC record?

To help businesses looking for images of UCC filings, we have posted a list of UCC debtors with links to the images. The list includes filings with a lapse date later than Feb. 12, 2013. Some images of older filings may not appear in these records. 

Review of these records does not constitute a certified Article 9 search and should not be substituted for a formal search of our records.

Use Internet Explorer to gain access to all of the features in the UCC debtors list. Use instructions and UCC debtors list.

How can I get a copy of a business or UCC filing?

Please submit your request by email or phone us at 503-986-2200 and we will provide the information.

About the Incident:

What data did they get?

The investigation indicates that we caught the intrusion early. In addition, Oregon Secretary of State doesn't store full credit card information.

How did this happen?

Websites are under attack all of the time. We think we detected and stopped this intrusion before any serious damage occurred.

Was this caused by malware sites? Some attacks are caused by weaknesses introduced by internal staff.

This appears to be an orchestrated intrusion from a foreign entity and not the result of any employee activities. Consequently, we have contacted both local and federal authorities.

Who did this?

The attack appears to have been launched from a foreign overseas entity. We have alerted law enforcement and are sharing forensic data with the authorities to inform any investigation they might conduct.

How will you prevent future attacks?

Internal staff has been analyzing and fortifying our internal structure.

Receive Updates

Watch our blog, Facebook and Twitter feeds for new developments. Or sign up for ORESTAR updates.

While our Web services are unavailable, please contact us or check our site for what options each division offers. Find service options for

Updated 6:50 p.m. Feb 21, 2014.