State Of Ohio Employees, You're Next Up On 'Who's Had Their Personal Data Stolen?'
from the make-it-stop dept
While companies might be leading the biggest-single-data-leak stakes, various governmental bodies are trying to make up for it in volume. On the federal level, the Veterans Administration has been leading the way, with the TSA right behind, while plenty of state governments and their contractors are getting in on the act, too. Now, in Ohio, the governor has announced that the names and Social Security numbers of 64,000 state employees are out in the wild — after a storage device containing them was stolen from an intern’s car. Yes, you read that correctly. We’ve wondered in the past just why people are carrying around so much personal information, but the governor claims that it was part of a “protocol intended to keep backup copies of data in case it was lost on state computer systems.” Yes, apparently this protocol says that important information should be backed up on storage devices, then given to interns so they can store them in their cars for safekeeping. If you’ve ever given any personal information to the Ohio government, you might want to start keeping an eye on your credit report, since this is apparently its idea of security.
Comments on “State Of Ohio Employees, You're Next Up On 'Who's Had Their Personal Data Stolen?'”
First? hum.. I just read this aloud at my work and it caused an uproar (lucky we are in CA)… the most common response was a gasp and then “what the hell were they thinking”
We need an “iWallet” that uses public-key cryptography to authenticate people and transactions transparently and accountably. Then some bozo knowing your SSN isn’t even a threat; knowing your private key (having your iWallet) would be required to obtain credit in your name, use your money, or some such.
There’s a lengthy comment partly describing such a thing on a recent post at against monopoly.
As for the data in cars — well, that may be smart if done better. Many of the cars at any given time will be in various random places, dispersing the data and reducing the likelihood a disaster will nail every single copy simultaneously. Only the data maybe should go on a USB key put in a lock box like real estate agents escrow house keys in, with several people at the home office knowing the combination that are likely never to all be in the same place at once (but none of the drivers, so there’s no incentive to try to extract codes from them at gunpoint or worse). The lock boxes would also make it more likely for a key to survive an accident if the car it’s in crashes.
The right man for the job
We might as well give three-year-olds storage devices with all our personal info on it. Problem is that there is no accountability. Sure the intern might get the can but the idiot who gave it to the intern certainly won’t lose his job and he will be governor next election.
Lost or stolen Social Security Numbers
As a government employee myself I can certainly understand the importance of keeping SSNs secure. But it does appear to me that many SSNs are compromised by those trying to keep them secure. For the most part those of us who have been dealing with them for many years understand the importance of security and have maintained them for years without incident. The only people we allow to have access are those who have the need to know only. That does not include the general public.
Humm well I guess the state of Ohio hasn’t learned much from major corporations. The first step in fuck-up 101 is to hide all evidence, the second step is not to tell anyone.
Guessing from the numbers...
this only affects current State of Ohio employees, not past. I guess I’ll find out if I get a letter next week.
Too late to call any of my buddies up there at work. I’ll wait till next week to see what’s up.
That was incredibly stupid. I would think that DAS (Department of Administrative Services, who are in charge of personnel stuff ultimately) should have known much better. Then again, it’s been a few years since I’ve been in Ohio. Lord knows what kind of cuts/outsourcing or whatnot has happened since. 7 years ago, my department/division was talking about using a VPN to truly secure communications. We didn’t get too far, as we were only using email for the most part, and that data that we were sending and receiving wasn’t what could really be considered sensitive.
The more bizarre communication was the bank of 5 computers that connected point to point to update our POS (Liquor). I helped lay out a new way to handle calling stores back if the first and second times failed (and cut out the second call if the first completed correctly). 9 years later, and they’re still using it. They have upgraded from OS/2 to Windows 2000.
Give me a reason to trust the State of Ohio Government. If I thought that such important information was given to an intern, I would have applied for the job.
And we still don't use encryption, why?
Laptop, disk, tape theft has been happening for years now. Why is it that there’s no mandate or law that makes it compulsory to use encryption when personal, medical or credit data is being stored?
These people should be hauled up and tossed into the sea.
Re: And we still don't use encryption, why?
They claim that it was encrypted, but no one outside of the circles within which this happened seems to know for sure just what kind of backup device it was supposed to be.
It makes a difference whether we are dealing with a backup tape or a USB data stick.
And why don’t they seem to know exactly what data is on the thing? Seems they have some widows and orphans.
Wonderful
Laptop, disk, tape theft has been happening for years now. Why is it that there’s no mandate or law that makes it compulsory to use encryption when personal, medical or credit data is being stored?
It wouldn’t have changed anything, laws don’t apply to government.
Class Action Lawsuit
My name and ss# is on that device and they are giving me 1 year of free credit protection from Debix. At first I was like that’s cool of them and then I realised that I am going to be alive for longer than a year and that this is bull and we either need lifetime credit protection or it will be time for a good ole fashion class action lawsuit.
Re: Class Action Lawsuit
I agree with you totally!!!
Class Action
This is pathetic. Government has reached its tipping point. It has become too large. When the masses of the populace work for government it becomes a very volatile situation. Slavery anyone? So what are the State slaves going to do? Are you just a bunch of union hillbillies? My bet is you are. Why don’t you get off your stupid ‘duffs’ and realize that working for government is your mistake. Go to college. Start your businesses and quit being a bunch of f heads. Dumb f’ers.
Or begin this class action lawsuit and tell your children never to work for government. Tell their friends etc. Remember the Declaration of Independence? Remember why people die in wars? (Not present day wars of course). F’ing little f’ers. Stupid clowns.
Yeah.. mine’s on that too.. I thought the year of Debix was a slap in the face.
I am one of the 64,000 that had my personal info stolen. If all of you think it’s a crock, you should be in my shoes.
Use TPI
The simplest thing to do is talk to any military person on how to handle sensitive material. TPI. Two Person Integrity.
In addition, only those people who have an active security clearance AND the need to know this information are the only ones authorized to even have access.
Leave a backup in the car. How ridiculous! When I was in the Navy and had to change codes on the crypto comm systems, we were required to get the material from a locked safe managed by our Division Officer and we both had to be together LITERALLY for the WHOLE time we had possession of this material. AND we were not allowed to let anyone see it. This all came out cause of the Walker incidents.
Learn from your mistakes and learn from history.