We're Too Cheap To Let You Grab Your Own Toilet Paper

Ohio State Data Leak Now About 16 Times Worse Than Initially Disclosed

from the fun-with-numbers dept

Wed, Jul 11th 2007 7:31pm — Carlo Longino

Back in June, the state of Ohio said it had lost the personal information of some 64,000 state employees, after a storage device was stolen from an intern's car -- which, apparently according to its security protocols, was a suitable off-site storage location. The state dutifully followed the usual plan of releasing another announcement raising the number of people whose information was lost, putting it at 500,000. Turns out that was a little conservative; the state now says the figure is closer to one million, nearly 16 times the original claim. The governor and his staffers claim that nobody appears to have used the stolen information yet, and that it would take somebody with "special knowledge and understanding" to access it. Of course, coming from a place where storing stuff in an intern's car is regarded as secure and safe, that claim doesn't carry a lot of weight -- nor does it make up for the egregious breach that occured.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data leak, ohio

16 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Slartibartfast, 11 Jul 2007 @ 8:32pm

"special knowledge and understanding"

I wonder what that would be?

Turn on computer and insert CD ......

Wouldn't be too many people with that sort of special knowledge and understanding.
[ link to this | view in chronology ]
- TheDock22, 12 Jul 2007 @ 6:42am
  
  Re:
  Wouldn't be too many people with that sort of special knowledge and understanding.
  
  Well it is Ohio you know. If they elect people into their government that allows interns to keep confidential information of any kind outside of work, you have to wonder about the citizens. ;)
  [ link to this | view in chronology ]
nonuser, 11 Jul 2007 @ 9:20pm

to get free access to the site's award-winning news coverage.

Has any news organization ever *not* won any awards for their coverage? This reminds me of city restaurants that post awards they've won on their storefronts, some from journals that perhaps few people have ever heard of.
[ link to this | view in chronology ]
- Carlo, 11 Jul 2007 @ 9:45pm
  
  Re:
  Sorry, I didn't realize that link asked for registration. I've changed it to one that shouldn't.
  [ link to this | view in chronology ]
bodiby (profile), 11 Jul 2007 @ 9:32pm

I am one of them..
I was just thinking how I can not believe this stuff is still happening. Then I realized that I have the backup tapes for my company in my unlocked car. There are over 10,000 credit card numbers on one of those tapes.
[ link to this | view in chronology ]
Nate Kohari, 12 Jul 2007 @ 4:08am

Still...
What isn't commonly being reported when this is brought up is the fact that the hard drive was *encrypted*. It would take a serious effort to decrypt the contents -- as in, a supercomputer and a few years, if they used a decent algorithm. Any breach like this is bad, but it's important to get the facts straight. I live in Ohio, and the media was trumping this up so much that there were people that thought that *every person in the state* was in danger of having their identity stolen! Ridiculous.
[ link to this | view in chronology ]
JB, 12 Jul 2007 @ 6:24am

Organized Crime
I am absolutely mortified at the government of today. How can these mobsters get away with the embezzlement and crime that the various Ohio agencies and even our countries government commit every day????? The person who allowed this intern to take PI data out of the building should be removed (I'm being nice here). Additionally the agency should be made to pay a severe price for this crime just as any other person would have to. Also, to Nate, how can you tell us the data was encrypted?? Are you from this agency? I have consulted with a state agency and they can not even move beyond spreadsheets for data storage.
[ link to this | view in chronology ]
Sherm, 12 Jul 2007 @ 6:58am

Data leak
Outside of the voters having the ability to remove the elected officials and bad press, it still seems like the state will get away with a slap on the wrist.

At some point the security of confidential information cannot be left to interpretation of a "CIO", board of directors, share holders or anyone who thinks they can spell security.
[ link to this | view in chronology ]
Overcast, 12 Jul 2007 @ 7:01am

Encrypted like... DVD's?

lol

Sure... umm, no one can get to the data... Unless of course, they really want to!

In otherwords - if it's just a common thief, who got the data by mistake; no worries. However; if it was something more, like a person who is much more technically adept who's intent was to steal confidential information, you better watch out!

In the end, what's being said is that it doesn't matter if it's protected or encrypted. If it's a common thief who's stealing junk from cars, he wouldn't have a clue what the data was from the start. If it was someone intent on stealing that information - then they likely have the 'special knowledge and understanding'.

Really doesn't matter what safeguards are in place given the common sense of the matter. It's been proven over and over and over again, if someone is determined to get to that data - they will.
[ link to this | view in chronology ]
Justin, 12 Jul 2007 @ 7:13am

Not that this makes it alright that it ever happened in the first place, but I do know that Ohio is at least offering a year's worth of identity theft insurance to all of those whose SSN's were compromised.
[ link to this | view in chronology ]
Nate Kohari, 12 Jul 2007 @ 9:32am

Uh...
@Overcast: Uh, no, not like DVDs. More like the credit card number that you've send over SSL connections. Unless they're complete dolts, they're using something at least as powerful as triple-DES to encrypt. Any real encryption algorithm around today would take a tremendous amount of processing power to crack in a brute-force attempt.

Also, @TheDock22, shut up about Ohioans. We am not that stoopid. :)
[ link to this | view in chronology ]
Joe, 12 Jul 2007 @ 2:07pm

This is a joke
This article is completely inaccurate. Poorly written yellow journalism looking to get a rise out of the masses.
Looks like Carlo didn't do a lot of research before putting together this masterpiece. State policies are public record, go read them for yourselves.
Don't believe everything you read on the internet people.
[ link to this | view in chronology ]
- Carlo, 12 Jul 2007 @ 2:42pm
  
  Re: This is a joke
  Care to explain how it's completely inaccurate?
  [ link to this | view in chronology ]
Steve, 12 Jul 2007 @ 5:33pm

Re: This is a Joke
He's full of Sh** Carlo, ignore him.
[ link to this | view in chronology ]
Joe, 12 Jul 2007 @ 8:48pm

Fact checking
Your facts are wrong, I'm not going to do you research for you.
Atta boy Steve, stay with the herd!
[ link to this | view in chronology ]
FromTheTop, 15 Jul 2007 @ 8:34am

Security
ChoicePoint has settled with 44 states over a data breach that potentially gave CRIMINALS access to personal information of 145,000 consumers. Govenor Strickland said, "a stolen computer storage device in Ohio had taxpayers and Social Security Numbers of 561,126 people with refund checks on the device". Now it's worse! IDENTITY THEFT PROTECTION-Call: 1-800-251-3803 Code#9685
[ link to this | view in chronology ]