State Of Ohio Employees, You're Next Up On 'Who's Had Their Personal Data Stolen?'
from the make-it-stop dept
While companies might be leading the biggest-single-data-leak stakes, various governmental bodies are trying to make up for it in volume. On the federal level, the Veterans Administration has been leading the way, with the TSA right behind, while plenty of state governments and their contractors are getting in on the act, too. Now, in Ohio, the governor has announced that the names and Social Security numbers of 64,000 state employees are out in the wild -- after a storage device containing them was stolen from an intern's car. Yes, you read that correctly. We've wondered in the past just why people are carrying around so much personal information, but the governor claims that it was part of a "protocol intended to keep backup copies of data in case it was lost on state computer systems." Yes, apparently this protocol says that important information should be backed up on storage devices, then given to interns so they can store them in their cars for safekeeping. If you've ever given any personal information to the Ohio government, you might want to start keeping an eye on your credit report, since this is apparently its idea of security.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
There's a lengthy comment partly describing such a thing on a recent post at against monopoly.
As for the data in cars -- well, that may be smart if done better. Many of the cars at any given time will be in various random places, dispersing the data and reducing the likelihood a disaster will nail every single copy simultaneously. Only the data maybe should go on a USB key put in a lock box like real estate agents escrow house keys in, with several people at the home office knowing the combination that are likely never to all be in the same place at once (but none of the drivers, so there's no incentive to try to extract codes from them at gunpoint or worse). The lock boxes would also make it more likely for a key to survive an accident if the car it's in crashes.
[ link to this | view in thread ]
The right man for the job
[ link to this | view in thread ]
Lost or stolen Social Security Numbers
[ link to this | view in thread ]
[ link to this | view in thread ]
Guessing from the numbers...
Too late to call any of my buddies up there at work. I'll wait till next week to see what's up.
That was incredibly stupid. I would think that DAS (Department of Administrative Services, who are in charge of personnel stuff ultimately) should have known much better. Then again, it's been a few years since I've been in Ohio. Lord knows what kind of cuts/outsourcing or whatnot has happened since. 7 years ago, my department/division was talking about using a VPN to truly secure communications. We didn't get too far, as we were only using email for the most part, and that data that we were sending and receiving wasn't what could really be considered sensitive.
The more bizarre communication was the bank of 5 computers that connected point to point to update our POS (Liquor). I helped layout a new way to handle calling stores back if the first and second times failed (and cut out the second call if the first completed correctly). 9 years later, and they're still using it. They have upgraded from OS/2 to Windows 2000.
[ link to this | view in thread ]
[ link to this | view in thread ]
And we still don't use encryption, why?
These people should be hauled up and tossed into the sea.
[ link to this | view in thread ]
It wouldn't have changed anything, laws don't apply to government.
[ link to this | view in thread ]
Re: And we still don't use encryption, why?
It makes a difference whether we are dealing with a backup tape or a USB data stick.
And why don't they seem to know exactly what data is on the thing? Seems they have some widows and orphans.
Wonderful
[ link to this | view in thread ]
Class Action Lawsuit
[ link to this | view in thread ]
Class Action
Or begin this class action lawsuit and tell you children never to work for government. Tell their friends etc. Remember the Declaration of Independence? Remember why people die in wars? (Not present day wars of course). F'ing little f'ers. Stupid clowns.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Class Action Lawsuit
[ link to this | view in thread ]
[ link to this | view in thread ]
Use TPI
In addition, only those people who have an active security clearance AND the need to know this information are the only ones authorized to even have access.
Leave a backup in the car. How ridiculous! When I was in the Navy and had to change codes on the crypto comm systems, we were required to get the material from a locked safe managed by our Division Officer and we both had to be together LITERALLY for the WHOLE time we had possession of this material. AND we were not allowed to let anyone see it. This all came out cause of the Walker incidents.
Learn from your mistakes and learn from history.
[ link to this | view in thread ]