COLUMBUS, Ohio - A 22-year-old intern was given the responsibility of safeguarding the personal information of thousands of state employees, a security procedure that ended up backfiring.
The names and Social Security numbers of all 64,000 Ohio state employees were stolen last weekend from a state agency intern who left a backup data storage device in his car, Gov. Ted Strickland said Friday.
An additional review of data revealed that the storage device also may have held information about participants in the state's pharmacy benefits management program and the names and Social Security numbers of their dependents. Strickland has asked Ohio Inspector General Tom Charles to investigate.
http://news.yahoo.com/s/ap/20070616/ap_on_hi_te/data_theft;_ylt=A0WTcVO8...
Should we be concerned with the push for more technology and the use of mobile devices to hold onto the data with regards to the wi-fi push in Toledo.
I don't understand why the employees are taking this type of information home.
That type of information should not be removed from the building.
They don't go into why this was done this way. Was it a practice started because of WMDs (have multiple archives so that a "hit" is less likely to destory them all)? Was the device a USB device, or a SD card? Hopefully, there was a requirement for a PIN, and the data was encrypted. But people, being human, often take convenience over security.
I'm curious why something like this was clearly left unattended in a car.
of how backwards we work in this country. Forget all the experienced people and let the recent college graduates who hardly know anything do the job.
Stupid.
Laptop theft exposes Hotels.com data
http://news.com.com/Car+theft+exposes+Hotels.com+data/2100-7348_3-607942...
In Wisconsin, papers were stolen from a legislative staff member's car. Ordinarily no big deal but these had the Social Security numbers for a third of Assembly members and 74 of their aides,
http://government.zdnet.com/?p=2896
MCI employee data stolen in laptop theft
http://www.infoworld.com/article/05/05/23/HNmcidatastolen_1.html
a laptop with the personal data of more than 28,000 Beaumont Hospital home care patients was stolen from the car of a home care nurse
http://www.identitytheft911.org/alerts/alert.ext?sp=612
Data security for 2006 is not looking much better than last year's showing.
In separate incidents this week, the government of Rhode Island reportedly said that Russian data thieves had nabbed tens of thousands of credit-card transactions from the state government's Web site, while Seattle-based Providence Home Services apparently acknowledged that backup tapes containing 365,000 patient records in the states of Washington and Oregon had been stolen from an employee's car. (This one just keeps getting worse and is more than a year old)
http://www.securityfocus.com/brief/123
raised a good point. Is the intern really that stupid? If so, why was he hired. If not, why aren't the cops laying the rubber hose to him?
The paper doesn't say what the device was, only that the value was $15. That makes it a stack of CDs or reel to reel tape. I'd like to know if the data was encrypted, and if so, who has the passwords and what is the encryption scheme. If not, then why not.
It's possible that the intern sold the data to someone and then reported it the device stolen. I notice no one is thinking along those lines.
We must keep in mind that sharing the last name of someone already in a governmental position will always trump academic and intellectual qualifications for the job.
Do you actually expect our civil servants to come back into work at the end of the day to pick up the backup device? First you want them to be in charge of the department's data, next you're going to make them work all the hours they get paid for, isn't that right, Herr Kooz? They are obviously too busy attending to personal matters to swing by at the end of the day, so why shouldn't the intern do the job? If they're good enough to fetch coffee and lunch orders, they're good enough to safeguard the personal information of 64,000 state employees. Speaking of that...
"I said a LOW FAT soymilk latte, you moron!"
==throws coffee at intern's head==
"Go get me another one and clean up this mess!"
---------
"When I say your dumb name, please stand up briefly, but then quickly drop to your knees and forsake all others before me." -Ignignokt
But the implementation of the plan, with regard to the department in question, could be considered poor by some. Others, myself included, would call the department's offsite backup plan idiotic and would demand the departmental administrator be fired with cause. Whoever thought the intern would be the best person to carry the backup should also be fired or be forced to post their personal information on a state web page. I see the subdomain http://imtheguywholettheinterntakeyourpersonalinfohomeonhisflashdrive.ohio.gov is not being utilized by the state at this time.
---------
"When I say your dumb name, please stand up briefly, but then quickly drop to your knees and forsake all others before me." -Ignignokt
"But Charles' report determined that the firing of Williamson was not related to Mrs. Coleman but rather because 'she no longer had the trust of her superiors.' "
They didn't trust her because she couldn't be trusted to cover for them when they "took off" after lunch for the day? I'm not sure her supervisors can be trusted now.
Maybe the only employee who can be trusted is the one who got fired for not covering up the less than eight hour work days.