Ohio Data Leak Follows The 'Worse Than First Thought' Plan
from the working-for-you dept
It's pretty much par for the course that when a data leak gets disclosed, it's followed up a few weeks later with another announcement revealing that even more people's information was lost than first thought. Whether that's because it takes some time to figure out the extent of losses or is just a PR ploy is open for debate. In any case, you might remember the recent case in Ohio, where the personal information of all the state's 64,000 or so employees was lost when a storage device containing it was stolen out of an intern's car. True to form, the state's governor has issued an update, revealing that it's not just the state employees whose info was stolen, but a total of about 500,000 people, including welfare recipients, state employees' dependents, and taxpayers with uncashed income tax refunds. We noted earlier that the intern had the device as part of the state's security protocol, in which employees rotated taking backups home with them in case data on the state's system was lost. While storing backups off-site has some merit, this incident highlights the idiocy of just passing out devices to employees and having them take them home, rather than storing them in some more secure manner. The state has now ordered an end to the practice, while the state police have set up a post office box "in hopes that the storage device would be returned anonymously." Somehow, given the great job state officials have done to advertise the potential value of the device, that seems pretty unlikely.