RSS
Twitter
Ohio State Data Leak Now About 16 Times Worse Than Initially Disclosed
from the fun-with-numbers dept
Back in June, the state of Ohio said it had lost the personal information of some 64,000 state employees, after a storage device was stolen from an intern's car -- which, apparently according to its security protocols, was a suitable off-site storage location. The state dutifully followed the usual plan of releasing another announcement raising the number of people whose information was lost, putting it at 500,000. Turns out that was a little conservative; the state now says the figure is closer to one million, nearly 16 times the original claim. The governor and his staffers claim that nobody appears to have used the stolen information yet, and that it would take somebody with "special knowledge and understanding" to access it. Of course, coming from a place where storing stuff in an intern's car is regarded as secure and safe, that claim doesn't carry a lot of weight -- nor does it make up for the egregious breach that occured.
Reader Comments
(Flattened / Threaded)
"special knowledge and understanding"
I wonder what that would be?
Turn on computer and insert CD ......
Wouldn't be too many people with that sort of special knowledge and understanding.
(reply to this comment) (link to this comment)
Re:
Wouldn't be too many people with that sort of special knowledge and understanding.
Well it is Ohio you know. If they elect people into their government that allows interns to keep confidential information of any kind outside of work, you have to wonder about the citizens. ;)
(reply to this comment) (link to this comment)
to get free access to the site's award-winning news coverage.
Has any news organization ever *not* won any awards for their coverage? This reminds me of city restaurants that post awards they've won on their storefronts, some from journals that perhaps few people have ever heard of.
(reply to this comment) (link to this comment)
Re:
Sorry, I didn't realize that link asked for registration. I've changed it to one that shouldn't.
(reply to this comment) (link to this comment)
I am one of them..
I was just thinking how I can not believe this stuff is still happening. Then I realized that I have the backup tapes for my company in my unlocked car. There are over 10,000 credit card numbers on one of those tapes.
(reply to this comment) (link to this comment)
Still...
What isn't commonly being reported when this is brought up is the fact that the hard drive was *encrypted*. It would take a serious effort to decrypt the contents -- as in, a supercomputer and a few years, if they used a decent algorithm. Any breach like this is bad, but it's important to get the facts straight. I live in Ohio, and the media was trumping this up so much that there were people that thought that *every person in the state* was in danger of having their identity stolen! Ridiculous.
(reply to this comment) (link to this comment)
Organized Crime
I am absolutely mortified at the government of today. How can these mobsters get away with the embezzlement and crime that the various Ohio agencies and even our countries government commit every day????? The person who allowed this intern to take PI data out of the building should be removed (I'm being nice here). Additionally the agency should be made to pay a severe price for this crime just as any other person would have to. Also, to Nate, how can you tell us the data was encrypted?? Are you from this agency? I have consulted with a state agency and they can not even move beyond spreadsheets for data storage.
(reply to this comment) (link to this comment)
Data leak
Outside of the voters having the ability to remove the elected officials and bad press, it still seems like the state will get away with a slap on the wrist.
At some point the security of confidential information cannot be left to interpretation of a "CIO", board of directors, share holders or anyone who thinks they can spell security.
(reply to this comment) (link to this comment)
Encrypted like... DVD's?
lol
Sure... umm, no one can get to the data... Unless of course, they really want to!
In otherwords - if it's just a common thief, who got the data by mistake; no worries. However; if it was something more, like a person who is much more technically adept who's intent was to steal confidential information, you better watch out!
In the end, what's being said is that it doesn't matter if it's protected or encrypted. If it's a common thief who's stealing junk from cars, he wouldn't have a clue what the data was from the start. If it was someone intent on stealing that information - then they likely have the 'special knowledge and understanding'.
Really doesn't matter what safeguards are in place given the common sense of the matter. It's been proven over and over and over again, if someone is determined to get to that data - they will.
(reply to this comment) (link to this comment)
Not that this makes it alright that it ever happened in the first place, but I do know that Ohio is at least offering a year's worth of identity theft insurance to all of those whose SSN's were compromised.
(reply to this comment) (link to this comment)
Uh...
@Overcast: Uh, no, not like DVDs. More like the credit card number that you've send over SSL connections. Unless they're complete dolts, they're using something at least as powerful as triple-DES to encrypt. Any real encryption algorithm around today would take a tremendous amount of processing power to crack in a brute-force attempt.
Also, @TheDock22, shut up about Ohioans. We am not that stoopid. :)
(reply to this comment) (link to this comment)
This is a joke
This article is completely inaccurate. Poorly written yellow journalism looking to get a rise out of the masses.
Looks like Carlo didn't do a lot of research before putting together this masterpiece. State policies are public record, go read them for yourselves.
Don't believe everything you read on the internet people.
(reply to this comment) (link to this comment)
Re: This is a joke
Care to explain how it's completely inaccurate?
(reply to this comment) (link to this comment)
Re: This is a Joke
He's full of Sh** Carlo, ignore him.
(reply to this comment) (link to this comment)
Fact checking
Your facts are wrong, I'm not going to do you research for you.
Atta boy Steve, stay with the herd!
(reply to this comment) (link to this comment)
Security
ChoicePoint has settled with 44 states over a data breach that potentially gave CRIMINALS access to personal information of 145,000 consumers. Govenor Strickland said, "a stolen computer storage device in Ohio had taxpayers and Social Security Numbers of 561,126 people with refund checks on the device". Now it's worse! IDENTITY THEFT PROTECTION-Call: 1-800-251-3803 Code#9685
(reply to this comment) (link to this comment)
Add Your Comment