The recent cyber attack on the Department of Environmental Quality (DEQ) could have been prevented. We know this because Oregon AFSCME represented members warned the agency that there was a danger to the security of DEQ’s system, and those concerns were ignored.
Now our members at DEQ are struggling to meet the needs of Oregon. They are being forced to use their own leave to cover for the state being unable to deal with a foreseeable cyber attack. Employees went without laptops for a couple of weeks, being forced to work from phones. Laptops have just started being returned, but they are poor quality which impacts work productivity.
We discovered on April 25, 2025, that the personal and private information of DEQ employees was posted to the dark web, raising further concerns over privacy, banking security, and more. It has been reported that this information includes (but may not be limited to) passports and social security cards. To make matters worse, employees found out about the data leak from the news, not from DEQ leadership, and to date DEQ has not provided any real information to employees regarding the leak. Not only were the workers at DEQ victims of this data breach, they are having to use their own leave while the agency cleans up their mess.
We have asked the agency to come to the table and help us figure out how to protect employee data, improve work productivity, and take care of their employees, but that has yet to happen. DEQ needs to step up, fix these issues, ensure their systems cannot be taken over by hackers in the future, and guarantee their employees are properly taken care of and protected throughout this agency failure.
Joe Baessler
Executive Director
Oregon AFSCME
