Ohio State Data Leak Now About 16 Times Worse Than Initially Disclosed

from the fun-with-numbers dept

Back in June, the state of Ohio said it had lost the personal information of some 64,000 state employees, after a storage device was stolen from an intern's car -- which, apparently according to its security protocols, was a suitable off-site storage location. The state dutifully followed the usual plan of releasing another announcement raising the number of people whose information was lost, putting it at 500,000. Turns out that was a little conservative; the state now says the figure is closer to one million, nearly 16 times the original claim. The governor and his staffers claim that nobody appears to have used the stolen information yet, and that it would take somebody with "special knowledge and understanding" to access it. Of course, coming from a place where storing stuff in an intern's car is regarded as secure and safe, that claim doesn't carry a lot of weight -- nor does it make up for the egregious breach that occured.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data leak, ohio


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Slartibartfast, 11 Jul 2007 @ 8:32pm

    "special knowledge and understanding"

    I wonder what that would be?

    Turn on computer and insert CD ......

    Wouldn't be too many people with that sort of special knowledge and understanding.

    link to this | view in thread ]

  2. identicon
    nonuser, 11 Jul 2007 @ 9:20pm

    to get free access to the site's award-winning news coverage.

    Has any news organization ever *not* won any awards for their coverage? This reminds me of city restaurants that post awards they've won on their storefronts, some from journals that perhaps few people have ever heard of.

    link to this | view in thread ]

  3. icon
    bodiby (profile), 11 Jul 2007 @ 9:32pm

    I am one of them..

    I was just thinking how I can not believe this stuff is still happening. Then I realized that I have the backup tapes for my company in my unlocked car. There are over 10,000 credit card numbers on one of those tapes.

    link to this | view in thread ]

  4. identicon
    Carlo, 11 Jul 2007 @ 9:45pm

    Re:

    Sorry, I didn't realize that link asked for registration. I've changed it to one that shouldn't.

    link to this | view in thread ]

  5. identicon
    Nate Kohari, 12 Jul 2007 @ 4:08am

    Still...

    What isn't commonly being reported when this is brought up is the fact that the hard drive was *encrypted*. It would take a serious effort to decrypt the contents -- as in, a supercomputer and a few years, if they used a decent algorithm. Any breach like this is bad, but it's important to get the facts straight. I live in Ohio, and the media was trumping this up so much that there were people that thought that *every person in the state* was in danger of having their identity stolen! Ridiculous.

    link to this | view in thread ]

  6. identicon
    JB, 12 Jul 2007 @ 6:24am

    Organized Crime

    I am absolutely mortified at the government of today. How can these mobsters get away with the embezzlement and crime that the various Ohio agencies and even our countries government commit every day????? The person who allowed this intern to take PI data out of the building should be removed (I'm being nice here). Additionally the agency should be made to pay a severe price for this crime just as any other person would have to. Also, to Nate, how can you tell us the data was encrypted?? Are you from this agency? I have consulted with a state agency and they can not even move beyond spreadsheets for data storage.

    link to this | view in thread ]

  7. identicon
    TheDock22, 12 Jul 2007 @ 6:42am

    Re:

    Wouldn't be too many people with that sort of special knowledge and understanding.

    Well it is Ohio you know. If they elect people into their government that allows interns to keep confidential information of any kind outside of work, you have to wonder about the citizens. ;)

    link to this | view in thread ]

  8. identicon
    Sherm, 12 Jul 2007 @ 6:58am

    Data leak

    Outside of the voters having the ability to remove the elected officials and bad press, it still seems like the state will get away with a slap on the wrist.

    At some point the security of confidential information cannot be left to interpretation of a "CIO", board of directors, share holders or anyone who thinks they can spell security.

    link to this | view in thread ]

  9. identicon
    Overcast, 12 Jul 2007 @ 7:01am

    Encrypted like... DVD's?

    lol

    Sure... umm, no one can get to the data... Unless of course, they really want to!

    In otherwords - if it's just a common thief, who got the data by mistake; no worries. However; if it was something more, like a person who is much more technically adept who's intent was to steal confidential information, you better watch out!

    In the end, what's being said is that it doesn't matter if it's protected or encrypted. If it's a common thief who's stealing junk from cars, he wouldn't have a clue what the data was from the start. If it was someone intent on stealing that information - then they likely have the 'special knowledge and understanding'.

    Really doesn't matter what safeguards are in place given the common sense of the matter. It's been proven over and over and over again, if someone is determined to get to that data - they will.

    link to this | view in thread ]

  10. identicon
    Justin, 12 Jul 2007 @ 7:13am

    Not that this makes it alright that it ever happened in the first place, but I do know that Ohio is at least offering a year's worth of identity theft insurance to all of those whose SSN's were compromised.

    link to this | view in thread ]

  11. identicon
    Nate Kohari, 12 Jul 2007 @ 9:32am

    Uh...

    @Overcast: Uh, no, not like DVDs. More like the credit card number that you've send over SSL connections. Unless they're complete dolts, they're using something at least as powerful as triple-DES to encrypt. Any real encryption algorithm around today would take a tremendous amount of processing power to crack in a brute-force attempt.

    Also, @TheDock22, shut up about Ohioans. We am not that stoopid. :)

    link to this | view in thread ]

  12. identicon
    Joe, 12 Jul 2007 @ 2:07pm

    This is a joke

    This article is completely inaccurate. Poorly written yellow journalism looking to get a rise out of the masses.
    Looks like Carlo didn't do a lot of research before putting together this masterpiece. State policies are public record, go read them for yourselves.
    Don't believe everything you read on the internet people.

    link to this | view in thread ]

  13. identicon
    Carlo, 12 Jul 2007 @ 2:42pm

    Re: This is a joke

    Care to explain how it's completely inaccurate?

    link to this | view in thread ]

  14. identicon
    Steve, 12 Jul 2007 @ 5:33pm

    Re: This is a Joke

    He's full of Sh** Carlo, ignore him.

    link to this | view in thread ]

  15. identicon
    Joe, 12 Jul 2007 @ 8:48pm

    Fact checking

    Your facts are wrong, I'm not going to do you research for you.
    Atta boy Steve, stay with the herd!

    link to this | view in thread ]

  16. identicon
    FromTheTop, 15 Jul 2007 @ 8:34am

    Security

    ChoicePoint has settled with 44 states over a data breach that potentially gave CRIMINALS access to personal information of 145,000 consumers. Govenor Strickland said, "a stolen computer storage device in Ohio had taxpayers and Social Security Numbers of 561,126 people with refund checks on the device". Now it's worse! IDENTITY THEFT PROTECTION-Call: 1-800-251-3803 Code#9685

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.