Ohio State Data Leak Now About 16 Times Worse Than Initially Disclosed

from the fun-with-numbers dept

Back in June, the state of Ohio said it had lost the personal information of some 64,000 state employees, after a storage device was stolen from an intern’s car — which, apparently according to its security protocols, was a suitable off-site storage location. The state dutifully followed the usual plan of releasing another announcement raising the number of people whose information was lost, putting it at 500,000. Turns out that was a little conservative; the state now says the figure is closer to one million, nearly 16 times the original claim. The governor and his staffers claim that nobody appears to have used the stolen information yet, and that it would take somebody with “special knowledge and understanding” to access it. Of course, coming from a place where storing stuff in an intern’s car is regarded as secure and safe, that claim doesn’t carry a lot of weight — nor does it make up for the egregious breach that occured.

Filed Under: ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Ohio State Data Leak Now About 16 Times Worse Than Initially Disclosed”

Subscribe: RSS Leave a comment
Nate Kohari (user link) says:


What isn’t commonly being reported when this is brought up is the fact that the hard drive was *encrypted*. It would take a serious effort to decrypt the contents — as in, a supercomputer and a few years, if they used a decent algorithm. Any breach like this is bad, but it’s important to get the facts straight. I live in Ohio, and the media was trumping this up so much that there were people that thought that *every person in the state* was in danger of having their identity stolen! Ridiculous.

JB says:

Organized Crime

I am absolutely mortified at the government of today. How can these mobsters get away with the embezzlement and crime that the various Ohio agencies and even our countries government commit every day????? The person who allowed this intern to take PI data out of the building should be removed (I’m being nice here). Additionally the agency should be made to pay a severe price for this crime just as any other person would have to. Also, to Nate, how can you tell us the data was encrypted?? Are you from this agency? I have consulted with a state agency and they can not even move beyond spreadsheets for data storage.

Sherm says:

Data leak

Outside of the voters having the ability to remove the elected officials and bad press, it still seems like the state will get away with a slap on the wrist.

At some point the security of confidential information cannot be left to interpretation of a “CIO”, board of directors, share holders or anyone who thinks they can spell security.

Overcast says:

Encrypted like… DVD’s?


Sure… umm, no one can get to the data… Unless of course, they really want to!

In otherwords – if it’s just a common thief, who got the data by mistake; no worries. However; if it was something more, like a person who is much more technically adept who’s intent was to steal confidential information, you better watch out!

In the end, what’s being said is that it doesn’t matter if it’s protected or encrypted. If it’s a common thief who’s stealing junk from cars, he wouldn’t have a clue what the data was from the start. If it was someone intent on stealing that information – then they likely have the ‘special knowledge and understanding’.

Really doesn’t matter what safeguards are in place given the common sense of the matter. It’s been proven over and over and over again, if someone is determined to get to that data – they will.

Nate Kohari (user link) says:


@Overcast: Uh, no, not like DVDs. More like the credit card number that you’ve send over SSL connections. Unless they’re complete dolts, they’re using something at least as powerful as triple-DES to encrypt. Any real encryption algorithm around today would take a tremendous amount of processing power to crack in a brute-force attempt.

Also, @TheDock22, shut up about Ohioans. We am not that stoopid. 🙂

Joe says:

This is a joke

This article is completely inaccurate. Poorly written yellow journalism looking to get a rise out of the masses.
Looks like Carlo didn’t do a lot of research before putting together this masterpiece. State policies are public record, go read them for yourselves.
Don’t believe everything you read on the internet people.

FromTheTop says:


ChoicePoint has settled with 44 states over a data breach that potentially gave CRIMINALS access to personal information of 145,000 consumers. Govenor Strickland said, “a stolen computer storage device in Ohio had taxpayers and Social Security Numbers of 561,126 people with refund checks on the device”. Now it’s worse! IDENTITY THEFT PROTECTION-Call: 1-800-251-3803 Code#9685

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...