Porn-Surfing Oregon Worker Exposes 2,200 Taxpayer IDs

More than 2,200 Oregon taxpayers' identities were stolen by a keylogging Trojan horse that infected a state PC after an Oregon Department of Revenue worker browsed porn sites, officials admitted this week.

The identities included Social Security numbers, names, and addresses, and were transmitted to an unknown hacker by the keylogger, said the Department of Revenue in an online FAQ. According to the DOR, its anti-malware filters didn't pick up the Trojan because it was so new that anti-virus vendors hadn't yet created detecting signatures.

No taxpayer financial data was lost to the keylogger, the DOR claimed.

Although the part-time worker's PC was infected in early January, the keylogger went undetected until May 15, when an audit of its hard drive was conducted after the employee was found downloading pornography during work hours and fired.

Monday, Oregon's DOR began notifying taxpayers whose identities were exposed, and on Wednesday Governor Ted Kulongoski (D) promised that the state would pick up the tab for credit monitoring and other protective services.

"I want the citizens of Oregon to know that we are taking every possible action to ensure that the people affected by this breech receive immediate notification, and that the State of Oregon will do everything possible to guard against any further compromise of their personal information," Kulongoski said in a statement.