On Feb. 4, we detected and stopped an intrusion into the agency’s website. As a precaution, we have temporarily taken down our online systems. At this time, we are monitoring both security and performance very carefully.
To keep you informed, we are publishing answers to the most frequently asked questions. They are organized into three groups:
About Online Services and Accounts:
When will ORESTAR, CBR, Business Search and other applications be back up?
As quickly as possible. Secretary of State staff is working long hours to bring these services back online. Our primary focus is to make sure this intrusion can't be repeated.
How will I know when ORESTAR is back online?
We will email all ORESTAR subscribers when it is fully restored with updated information on filing. You can also sign up to be notified.
Is my username and password information safe?
As a security measure, we have deleted all password information for our online services. That means you will be required to create a new password the next time you use one of our applications, such as ORESTAR or Central Business Registry (CBR).
If you use the same password for other personal accounts, we recommend that you change the password for them as well.
Is there a risk for an exposed bank account number?
ORESTAR stores encrypted bank account numbers associated with political action committees. If you are an ORESTAR subscriber, you should consult with your bank about security measures.
How many people are involved?
Every registered user of CBR and ORESTAR was potentially affected.
Has the information been misused?
At this time, there is no evidence that there has been any use or attempted use of the information exposed in this incident.
What are the risks of identity theft with the information that was exposed?
We sent letters to those who have accounts on our online applications and are affected by this breach. Receiving a letter explaining that your information has been compromised in a breach or data loss does not automatically mean that you are a victim of identity theft.
The best course of action is to follow the recommendations provided to you when you were notified that your information has been compromised. These recommendations will provide you additional protection.
Options for Customer Service:
I need to file a business form, pay a fee, get a certified copy…
Our business customers can request look-ups by phone or email, and submit filing and registration forms by fax, mail or in-person. Our customer support
staff is here to help by phone at 503-986-2200, or contact us by email.
How can I look up a business name or registration?
To search on active business names, please use the alternate business name search we have provided.If you don't find the business name you are looking for, please submit your request by email or phone us at 503-986-2200. We can provide information on both active and inactive business names.
How can I register or renew my business?
Forms are available on our website to mail or fax. Please phone us at 503-986-2200 or contact us by email if you need an annual report form for business renewal.
How can I renew a notary commission?
The notary application is available on our website to mail or fax.
How can I look up a UCC record?
To help businesses looking for images of UCC filings, we have posted a list of UCC debtors with links to the images. The list includes filings with a lapse date later than Feb. 12, 2013. Some images of older filings may not appear in these records.
Review of these records does not constitute a certified Article 9 search and should not be substituted for a formal search of our records.
Use Internet Explorer to gain access to all of the features in the UCC debtors list. Use instructions and UCC debtors list.
How can I get a copy of a business or UCC filing?
Please submit your request by email or phone us at 503-986-2200 and we will provide the information.
About the Incident:
What data did they get?
The investigation indicates that we caught the intrusion early. In addition, Oregon Secretary of State doesn't store
full credit card information.
How did this happen?
Websites are under attack all of the time. We think we detected and stopped this intrusion
before any serious damage occurred.
Was this caused by malware sites? Some attacks are caused by weaknesses introduced by
This appears to be an orchestrated intrusion from a foreign entity and not
the result of any employee activities. Consequently, we have contacted both
local and federal authorities.
Who did this?
The attack appears to have been launched from a foreign overseas entity. We have alerted law enforcement and are sharing
forensic data with the authorities to inform any investigation they might conduct.
How will you prevent future attacks?
Internal staff has been analyzing and fortifying our internal structure.