State Of Ohio Employees, You're Next Up On 'Who's Had Their Personal Data Stolen?'

from the make-it-stop dept

While companies might be leading the biggest-single-data-leak stakes, various governmental bodies are trying to make up for it in volume. On the federal level, the Veterans Administration has been leading the way, with the TSA right behind, while plenty of state governments and their contractors are getting in on the act, too. Now, in Ohio, the governor has announced that the names and Social Security numbers of 64,000 state employees are out in the wild -- after a storage device containing them was stolen from an intern's car. Yes, you read that correctly. We've wondered in the past just why people are carrying around so much personal information, but the governor claims that it was part of a "protocol intended to keep backup copies of data in case it was lost on state computer systems." Yes, apparently this protocol says that important information should be backed up on storage devices, then given to interns so they can store them in their cars for safekeeping. If you've ever given any personal information to the Ohio government, you might want to start keeping an eye on your credit report, since this is apparently its idea of security.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Jun 15th, 2007 @ 2:22pm

    First? hum.. i just read this aloud at my work and it caused an uproar (lucky we are in CA)... the most common response was a gasp and then "what the hell were they thinking"

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Bah who needs one, Jun 15th, 2007 @ 2:22pm

    We need an "iWallet" that uses public-key cryptography to authenticate people and transactions transparently and accountably. Then some bozo knowing your SSN isn't even a threat; knowing your private key (having your iWallet) would be required to obtain credit in your name, use your money, or some such.

    There's a lengthy comment partly describing such a thing on a recent post at against monopoly.

    As for the data in cars -- well, that may be smart if done better. Many of the cars at any given time will be in various random places, dispersing the data and reducing the likelihood a disaster will nail every single copy simultaneously. Only the data maybe should go on a USB key put in a lock box like real estate agents escrow house keys in, with several people at the home office knowing the combination that are likely never to all be in the same place at once (but none of the drivers, so there's no incentive to try to extract codes from them at gunpoint or worse). The lock boxes would also make it more likely for a key to survive an accident if the car it's in crashes.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Chuck Norris' Enemy (deceased), Jun 15th, 2007 @ 2:24pm

    The right man for the job

    We might as well give three-year-olds storage devices with all our personal info on it. Problem is that there is no accountability. Sure the intern might get the can but the idiot who gave it to the intern certainly won't lose his job and he will be governor next election.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    James Pollitt, Jun 15th, 2007 @ 2:26pm

    Lost or stolen Social Security Numbers

    As a government employee myself I can certainly understand the importance of keeping SSNs secure. But does appear to me that many SSNs are compromised by those trying to keep them secure. For the most part those of us who have been dealing with them for many years understand the importance of security and have maintained them for years without incident. The only people we allow to have access are those who have the need to know only. That does not include the general public.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    DigitalRAGE, Jun 15th, 2007 @ 2:46pm

    Humm well Iguess the state of Ohio hasn't learned much from major corporations. The first step in fuck-up 101 is it hide all evidence, the second step is not to tell anyone.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Bryan Price, Jun 15th, 2007 @ 3:44pm

    Guessing from the numbers...

    this only effects current State of Ohio employees, not past. I guess I'll find out if I get a letter next week.

    Too late to call any of my buddies up there at work. I'll wait till next week to see what's up.

    That was incredibly stupid. I would think that DAS (Department of Administrative Services, who are in charge of personnel stuff ultimately) should have known much better. Then again, it's been a few years since I've been in Ohio. Lord knows what kind of cuts/outsourcing or whatnot has happened since. 7 years ago, my department/division was talking about using a VPN to truly secure communications. We didn't get too far, as we were only using email for the most part, and that data that we were sending and receiving wasn't what could really be considered sensitive.

    The more bizarre communication was the bank of 5 computers that connected point to point to update our POS (Liquor). I helped layout a new way to handle calling stores back if the first and second times failed (and cut out the second call if the first completed correctly). 9 years later, and they're still using it. They have upgraded from OS/2 to Windows 2000.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jun 16th, 2007 @ 1:53pm

    give me a reason to trust the State of Ohio Government. If I thought that such important information was given to an intern, I would have applied for the job

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Lawrence, Jun 17th, 2007 @ 7:41pm

    And we still don't use encryption, why?

    Laptop, disk, tape theft has been happening for years now. Why is it that there's no mandate or law that makes it compulsory to use encryption when personal, medical or credit data is being stored?

    These people should be hauled up and tossed into the sea.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    darkbhudda, Jun 17th, 2007 @ 8:34pm

    Laptop, disk, tape theft has been happening for years now. Why is it that there's no mandate or law that makes it compulsory to use encryption when personal, medical or credit data is being stored?

    It wouldn't have changed anything, laws don't apply to government.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Dave, Jun 18th, 2007 @ 5:35am

    Re: And we still don't use encryption, why?

    They claim that it was encrypted, but no one outside of the circles within which this happened seems to know for sure just what kind of backup device it was supposed to be.

    It makes a difference whether we are dealing with a backup tape or a USB data stick.

    And why don't they seem to know exactly what data is on the thing? Seems they have some widows and orphans.

    Wonderful

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Kevin, Jun 22nd, 2007 @ 2:06pm

    Class Action Lawsuit

    My name and ss# is on that device and they are giving me 1 year of free credit protection from Debix. At first I was like thats cool of them and then I realised that I am going to be alive for longer than a year and that this is bull and we either need lifetime credit protection or it will be time for a good ole fasion class action lawsuit.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Ohio Sucks.gov, Jun 30th, 2007 @ 7:58pm

    Class Action

    This is pathetic. Government has reached its tipping point. It has become too large. When the masses of the populous work for government it becomes a very volatile situation. Slavery anyone? So what are the State slaves going to do? Are you just a bunch of union hillbillies? My bet is you are. Why don't you get off your stupid 'duffs' and realize that working for government is your mistake. Go to college. Start your businesses and quit being a bunch of f heads. Dumb f'ers.

    Or begin this class action lawsuit and tell you children never to work for government. Tell their friends etc. Remember the Declaration of Independence? Remember why people die in wars? (Not present day wars of course). F'ing little f'ers. Stupid clowns.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    tom, Jul 16th, 2007 @ 9:13pm

    yeah..mines on that too..i thought the year of debix was a slap in the face.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jul 18th, 2007 @ 11:56am

    Re: Class Action Lawsuit

    I agree with you totally!!!

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    sad today, Oct 26th, 2007 @ 6:22pm

    i am one of the 64,000 that had my personal info stolen. if all of you think it's a crock, you should be in my shoes.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    MLR, Aug 30th, 2008 @ 4:15pm

    Use TPI

    The simplest thing to do is talk to any military person on how to handle sensitive material. TPI. Two Person Integrity.
    In addition, only those people who have an active security clearance AND the need to know this information are the only ones authorized to even have access.

    Leave a backup in the car. How ridiculous! When I was in the Navy and had to change codes on the crypto comm systems, we were required to get the material from a locked safe managed by our Division Officer and we both had to be together LITERALLY for the WHOLE time we had possession of this material. AND we were not allowed to let anyone see it. This all came out cause of the Walker incidents.

    Learn from your mistakes and learn from history.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This