State Of Ohio Employees, You're Next Up On 'Who's Had Their Personal Data Stolen?'

from the make-it-stop dept

While companies might be leading the biggest-single-data-leak stakes, various governmental bodies are trying to make up for it in volume. On the federal level, the Veterans Administration has been leading the way, with the TSA right behind, while plenty of state governments and their contractors are getting in on the act, too. Now, in Ohio, the governor has announced that the names and Social Security numbers of 64,000 state employees are out in the wild — after a storage device containing them was stolen from an intern’s car. Yes, you read that correctly. We’ve wondered in the past just why people are carrying around so much personal information, but the governor claims that it was part of a “protocol intended to keep backup copies of data in case it was lost on state computer systems.” Yes, apparently this protocol says that important information should be backed up on storage devices, then given to interns so they can store them in their cars for safekeeping. If you’ve ever given any personal information to the Ohio government, you might want to start keeping an eye on your credit report, since this is apparently its idea of security.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “State Of Ohio Employees, You're Next Up On 'Who's Had Their Personal Data Stolen?'”

Subscribe: RSS Leave a comment
Bah who needs one (user link) says:

We need an “iWallet” that uses public-key cryptography to authenticate people and transactions transparently and accountably. Then some bozo knowing your SSN isn’t even a threat; knowing your private key (having your iWallet) would be required to obtain credit in your name, use your money, or some such.

There’s a lengthy comment partly describing such a thing on a recent post at against monopoly.

As for the data in cars — well, that may be smart if done better. Many of the cars at any given time will be in various random places, dispersing the data and reducing the likelihood a disaster will nail every single copy simultaneously. Only the data maybe should go on a USB key put in a lock box like real estate agents escrow house keys in, with several people at the home office knowing the combination that are likely never to all be in the same place at once (but none of the drivers, so there’s no incentive to try to extract codes from them at gunpoint or worse). The lock boxes would also make it more likely for a key to survive an accident if the car it’s in crashes.

James Pollitt says:

Lost or stolen Social Security Numbers

As a government employee myself I can certainly understand the importance of keeping SSNs secure. But does appear to me that many SSNs are compromised by those trying to keep them secure. For the most part those of us who have been dealing with them for many years understand the importance of security and have maintained them for years without incident. The only people we allow to have access are those who have the need to know only. That does not include the general public.

Bryan Price (user link) says:

Guessing from the numbers...

this only effects current State of Ohio employees, not past. I guess I’ll find out if I get a letter next week.

Too late to call any of my buddies up there at work. I’ll wait till next week to see what’s up.

That was incredibly stupid. I would think that DAS (Department of Administrative Services, who are in charge of personnel stuff ultimately) should have known much better. Then again, it’s been a few years since I’ve been in Ohio. Lord knows what kind of cuts/outsourcing or whatnot has happened since. 7 years ago, my department/division was talking about using a VPN to truly secure communications. We didn’t get too far, as we were only using email for the most part, and that data that we were sending and receiving wasn’t what could really be considered sensitive.

The more bizarre communication was the bank of 5 computers that connected point to point to update our POS (Liquor). I helped layout a new way to handle calling stores back if the first and second times failed (and cut out the second call if the first completed correctly). 9 years later, and they’re still using it. They have upgraded from OS/2 to Windows 2000.

Dave says:

Re: And we still don't use encryption, why?

They claim that it was encrypted, but no one outside of the circles within which this happened seems to know for sure just what kind of backup device it was supposed to be.

It makes a difference whether we are dealing with a backup tape or a USB data stick.

And why don’t they seem to know exactly what data is on the thing? Seems they have some widows and orphans.


Kevin says:

Class Action Lawsuit

My name and ss# is on that device and they are giving me 1 year of free credit protection from Debix. At first I was like thats cool of them and then I realised that I am going to be alive for longer than a year and that this is bull and we either need lifetime credit protection or it will be time for a good ole fasion class action lawsuit.

Ohio (user link) says:

Class Action

This is pathetic. Government has reached its tipping point. It has become too large. When the masses of the populous work for government it becomes a very volatile situation. Slavery anyone? So what are the State slaves going to do? Are you just a bunch of union hillbillies? My bet is you are. Why don’t you get off your stupid ‘duffs’ and realize that working for government is your mistake. Go to college. Start your businesses and quit being a bunch of f heads. Dumb f’ers.

Or begin this class action lawsuit and tell you children never to work for government. Tell their friends etc. Remember the Declaration of Independence? Remember why people die in wars? (Not present day wars of course). F’ing little f’ers. Stupid clowns.

MLR says:


The simplest thing to do is talk to any military person on how to handle sensitive material. TPI. Two Person Integrity.
In addition, only those people who have an active security clearance AND the need to know this information are the only ones authorized to even have access.

Leave a backup in the car. How ridiculous! When I was in the Navy and had to change codes on the crypto comm systems, we were required to get the material from a locked safe managed by our Division Officer and we both had to be together LITERALLY for the WHOLE time we had possession of this material. AND we were not allowed to let anyone see it. This all came out cause of the Walker incidents.

Learn from your mistakes and learn from history.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...