Among its other unpleasant qualities, 2020 was a banner year for data breaches. More than 90 companies reported to Oregon Department of Justice officials that customers' personal information was exposed last year by a computer security breach. (That's an 8% increase from 2019.)

Among the possible victims: employees of Portland advertising agency Wieden+Kennedy.

WW has learned that over the past month, Wieden+Kennedy informed its staffers that their personal information might have been compromised in a ransomware attack last November.

The threat is a little complicated to explain: W+K gives its employee benefits information to the Portland-based accounting firm Perkins & Co, which in turn stores that data on servers owned by a vendor called Netgain. The ransomware attack hit Netgain. None of the companies know for certain whether employee data was compromised in the attack.

A Wieden+Kennedy spokesperson confirmed to WW that the agency had been notified of the breach, and directed a reporter to Perkins & Co for comment. (Disclosure: The accounting firm also handles WW's taxes.)

State records show that Perkins & Co reported the breach to state officials on March 11. It told the Oregon DOJ's consumer protection division that the breach was discovered Dec. 3.

"At this point, Perkins & Co is not aware of any increase in suspicious activity to indicate that client information has been misused in connection with this incident," says president Jared Holum. "However, we continue to monitor the situation and will keep our clients informed accordingly."

Wieden+Kennedy is Portland's largest ad agency and one of its hippest corporations, making commercials for Nike, Old Spice and KFC. At last count, the agency had about 1,500 employees, although it's unclear how many work in the Portland office.