State Of Ohio Employees, You're Next Up On 'Who's Had Their Personal Data Stolen?'

from the make-it-stop dept

Fri, Jun 15th 2007 1:10pm — Carlo Longino

While companies might be leading the biggest-single-data-leak stakes, various governmental bodies are trying to make up for it in volume. On the federal level, the Veterans Administration has been leading the way, with the TSA right behind, while plenty of state governments and their contractors are getting in on the act, too. Now, in Ohio, the governor has announced that the names and Social Security numbers of 64,000 state employees are out in the wild -- after a storage device containing them was stolen from an intern's car. Yes, you read that correctly. We've wondered in the past just why people are carrying around so much personal information, but the governor claims that it was part of a "protocol intended to keep backup copies of data in case it was lost on state computer systems." Yes, apparently this protocol says that important information should be backed up on storage devices, then given to interns so they can store them in their cars for safekeeping. If you've ever given any personal information to the Ohio government, you might want to start keeping an eye on your credit report, since this is apparently its idea of security.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

16 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 15 Jun 2007 @ 2:22pm

First? hum.. i just read this aloud at my work and it caused an uproar (lucky we are in CA)... the most common response was a gasp and then "what the hell were they thinking"
[ link to this | view in chronology ]
Bah who needs one, 15 Jun 2007 @ 2:22pm

We need an "iWallet" that uses public-key cryptography to authenticate people and transactions transparently and accountably. Then some bozo knowing your SSN isn't even a threat; knowing your private key (having your iWallet) would be required to obtain credit in your name, use your money, or some such.

There's a lengthy comment partly describing such a thing on a recent post at against monopoly.

As for the data in cars -- well, that may be smart if done better. Many of the cars at any given time will be in various random places, dispersing the data and reducing the likelihood a disaster will nail every single copy simultaneously. Only the data maybe should go on a USB key put in a lock box like real estate agents escrow house keys in, with several people at the home office knowing the combination that are likely never to all be in the same place at once (but none of the drivers, so there's no incentive to try to extract codes from them at gunpoint or worse). The lock boxes would also make it more likely for a key to survive an accident if the car it's in crashes.
[ link to this | view in chronology ]
Chuck Norris' Enemy (deceased), 15 Jun 2007 @ 2:24pm

The right man for the job
We might as well give three-year-olds storage devices with all our personal info on it. Problem is that there is no accountability. Sure the intern might get the can but the idiot who gave it to the intern certainly won't lose his job and he will be governor next election.
[ link to this | view in chronology ]
James Pollitt, 15 Jun 2007 @ 2:26pm

Lost or stolen Social Security Numbers
As a government employee myself I can certainly understand the importance of keeping SSNs secure. But does appear to me that many SSNs are compromised by those trying to keep them secure. For the most part those of us who have been dealing with them for many years understand the importance of security and have maintained them for years without incident. The only people we allow to have access are those who have the need to know only. That does not include the general public.
[ link to this | view in chronology ]
DigitalRAGE, 15 Jun 2007 @ 2:46pm

Humm well Iguess the state of Ohio hasn't learned much from major corporations. The first step in fuck-up 101 is it hide all evidence, the second step is not to tell anyone.
[ link to this | view in chronology ]
Bryan Price, 15 Jun 2007 @ 3:44pm

Guessing from the numbers...
this only effects current State of Ohio employees, not past. I guess I'll find out if I get a letter next week.

Too late to call any of my buddies up there at work. I'll wait till next week to see what's up.

That was incredibly stupid. I would think that DAS (Department of Administrative Services, who are in charge of personnel stuff ultimately) should have known much better. Then again, it's been a few years since I've been in Ohio. Lord knows what kind of cuts/outsourcing or whatnot has happened since. 7 years ago, my department/division was talking about using a VPN to truly secure communications. We didn't get too far, as we were only using email for the most part, and that data that we were sending and receiving wasn't what could really be considered sensitive.

The more bizarre communication was the bank of 5 computers that connected point to point to update our POS (Liquor). I helped layout a new way to handle calling stores back if the first and second times failed (and cut out the second call if the first completed correctly). 9 years later, and they're still using it. They have upgraded from OS/2 to Windows 2000.
[ link to this | view in chronology ]
Anonymous Coward, 16 Jun 2007 @ 1:53pm

give me a reason to trust the State of Ohio Government. If I thought that such important information was given to an intern, I would have applied for the job
[ link to this | view in chronology ]
Lawrence, 17 Jun 2007 @ 7:41pm

And we still don't use encryption, why?
Laptop, disk, tape theft has been happening for years now. Why is it that there's no mandate or law that makes it compulsory to use encryption when personal, medical or credit data is being stored?

These people should be hauled up and tossed into the sea.
[ link to this | view in chronology ]
- Dave, 18 Jun 2007 @ 5:35am
  
  Re: And we still don't use encryption, why?
  They claim that it was encrypted, but no one outside of the circles within which this happened seems to know for sure just what kind of backup device it was supposed to be.
  
  It makes a difference whether we are dealing with a backup tape or a USB data stick.
  
  And why don't they seem to know exactly what data is on the thing? Seems they have some widows and orphans.
  
  Wonderful
  [ link to this | view in chronology ]
darkbhudda, 17 Jun 2007 @ 8:34pm

Laptop, disk, tape theft has been happening for years now. Why is it that there's no mandate or law that makes it compulsory to use encryption when personal, medical or credit data is being stored?

It wouldn't have changed anything, laws don't apply to government.
[ link to this | view in chronology ]
Kevin, 22 Jun 2007 @ 2:06pm

Class Action Lawsuit
My name and ss# is on that device and they are giving me 1 year of free credit protection from Debix. At first I was like thats cool of them and then I realised that I am going to be alive for longer than a year and that this is bull and we either need lifetime credit protection or it will be time for a good ole fasion class action lawsuit.
[ link to this | view in chronology ]
- Anonymous Coward, 18 Jul 2007 @ 11:56am
  
  Re: Class Action Lawsuit
  I agree with you totally!!!
  [ link to this | view in chronology ]
Ohio Sucks.gov, 30 Jun 2007 @ 7:58pm

Class Action
This is pathetic. Government has reached its tipping point. It has become too large. When the masses of the populous work for government it becomes a very volatile situation. Slavery anyone? So what are the State slaves going to do? Are you just a bunch of union hillbillies? My bet is you are. Why don't you get off your stupid 'duffs' and realize that working for government is your mistake. Go to college. Start your businesses and quit being a bunch of f heads. Dumb f'ers.

Or begin this class action lawsuit and tell you children never to work for government. Tell their friends etc. Remember the Declaration of Independence? Remember why people die in wars? (Not present day wars of course). F'ing little f'ers. Stupid clowns.
[ link to this | view in chronology ]
tom, 16 Jul 2007 @ 9:13pm

yeah..mines on that too..i thought the year of debix was a slap in the face.
[ link to this | view in chronology ]
sad today, 26 Oct 2007 @ 6:22pm

i am one of the 64,000 that had my personal info stolen. if all of you think it's a crock, you should be in my shoes.
[ link to this | view in chronology ]
MLR, 30 Aug 2008 @ 4:15pm

Use TPI
The simplest thing to do is talk to any military person on how to handle sensitive material. TPI. Two Person Integrity.
In addition, only those people who have an active security clearance AND the need to know this information are the only ones authorized to even have access.

Leave a backup in the car. How ridiculous! When I was in the Navy and had to change codes on the crypto comm systems, we were required to get the material from a locked safe managed by our Division Officer and we both had to be together LITERALLY for the WHOLE time we had possession of this material. AND we were not allowed to let anyone see it. This all came out cause of the Walker incidents.

Learn from your mistakes and learn from history.
[ link to this | view in chronology ]