Ohio State Data Leak Now About 16 Times Worse Than Initially Disclosed

from the fun-with-numbers dept

Back in June, the state of Ohio said it had lost the personal information of some 64,000 state employees, after a storage device was stolen from an intern's car -- which, apparently according to its security protocols, was a suitable off-site storage location. The state dutifully followed the usual plan of releasing another announcement raising the number of people whose information was lost, putting it at 500,000. Turns out that was a little conservative; the state now says the figure is closer to one million, nearly 16 times the original claim. The governor and his staffers claim that nobody appears to have used the stolen information yet, and that it would take somebody with "special knowledge and understanding" to access it. Of course, coming from a place where storing stuff in an intern's car is regarded as secure and safe, that claim doesn't carry a lot of weight -- nor does it make up for the egregious breach that occured.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Slartibartfast, Jul 11th, 2007 @ 8:32pm

    "special knowledge and understanding"

    I wonder what that would be?

    Turn on computer and insert CD ......

    Wouldn't be too many people with that sort of special knowledge and understanding.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    nonuser, Jul 11th, 2007 @ 9:20pm

    to get free access to the site's award-winning news coverage.

    Has any news organization ever *not* won any awards for their coverage? This reminds me of city restaurants that post awards they've won on their storefronts, some from journals that perhaps few people have ever heard of.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    bodiby (profile), Jul 11th, 2007 @ 9:32pm

    I am one of them..

    I was just thinking how I can not believe this stuff is still happening. Then I realized that I have the backup tapes for my company in my unlocked car. There are over 10,000 credit card numbers on one of those tapes.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Carlo, Jul 11th, 2007 @ 9:45pm

    Re:

    Sorry, I didn't realize that link asked for registration. I've changed it to one that shouldn't.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Nate Kohari, Jul 12th, 2007 @ 4:08am

    Still...

    What isn't commonly being reported when this is brought up is the fact that the hard drive was *encrypted*. It would take a serious effort to decrypt the contents -- as in, a supercomputer and a few years, if they used a decent algorithm. Any breach like this is bad, but it's important to get the facts straight. I live in Ohio, and the media was trumping this up so much that there were people that thought that *every person in the state* was in danger of having their identity stolen! Ridiculous.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    JB, Jul 12th, 2007 @ 6:24am

    Organized Crime

    I am absolutely mortified at the government of today. How can these mobsters get away with the embezzlement and crime that the various Ohio agencies and even our countries government commit every day????? The person who allowed this intern to take PI data out of the building should be removed (I'm being nice here). Additionally the agency should be made to pay a severe price for this crime just as any other person would have to. Also, to Nate, how can you tell us the data was encrypted?? Are you from this agency? I have consulted with a state agency and they can not even move beyond spreadsheets for data storage.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    TheDock22, Jul 12th, 2007 @ 6:42am

    Re:

    Wouldn't be too many people with that sort of special knowledge and understanding.

    Well it is Ohio you know. If they elect people into their government that allows interns to keep confidential information of any kind outside of work, you have to wonder about the citizens. ;)

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Sherm, Jul 12th, 2007 @ 6:58am

    Data leak

    Outside of the voters having the ability to remove the elected officials and bad press, it still seems like the state will get away with a slap on the wrist.

    At some point the security of confidential information cannot be left to interpretation of a "CIO", board of directors, share holders or anyone who thinks they can spell security.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Overcast, Jul 12th, 2007 @ 7:01am

    Encrypted like... DVD's?

    lol

    Sure... umm, no one can get to the data... Unless of course, they really want to!

    In otherwords - if it's just a common thief, who got the data by mistake; no worries. However; if it was something more, like a person who is much more technically adept who's intent was to steal confidential information, you better watch out!

    In the end, what's being said is that it doesn't matter if it's protected or encrypted. If it's a common thief who's stealing junk from cars, he wouldn't have a clue what the data was from the start. If it was someone intent on stealing that information - then they likely have the 'special knowledge and understanding'.

    Really doesn't matter what safeguards are in place given the common sense of the matter. It's been proven over and over and over again, if someone is determined to get to that data - they will.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Justin, Jul 12th, 2007 @ 7:13am

    Not that this makes it alright that it ever happened in the first place, but I do know that Ohio is at least offering a year's worth of identity theft insurance to all of those whose SSN's were compromised.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Nate Kohari, Jul 12th, 2007 @ 9:32am

    Uh...

    @Overcast: Uh, no, not like DVDs. More like the credit card number that you've send over SSL connections. Unless they're complete dolts, they're using something at least as powerful as triple-DES to encrypt. Any real encryption algorithm around today would take a tremendous amount of processing power to crack in a brute-force attempt.

    Also, @TheDock22, shut up about Ohioans. We am not that stoopid. :)

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Joe, Jul 12th, 2007 @ 2:07pm

    This is a joke

    This article is completely inaccurate. Poorly written yellow journalism looking to get a rise out of the masses.
    Looks like Carlo didn't do a lot of research before putting together this masterpiece. State policies are public record, go read them for yourselves.
    Don't believe everything you read on the internet people.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Carlo, Jul 12th, 2007 @ 2:42pm

    Re: This is a joke

    Care to explain how it's completely inaccurate?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Steve, Jul 12th, 2007 @ 5:33pm

    Re: This is a Joke

    He's full of Sh** Carlo, ignore him.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Joe, Jul 12th, 2007 @ 8:48pm

    Fact checking

    Your facts are wrong, I'm not going to do you research for you.
    Atta boy Steve, stay with the herd!

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    FromTheTop, Jul 15th, 2007 @ 8:34am

    Security

    ChoicePoint has settled with 44 states over a data breach that potentially gave CRIMINALS access to personal information of 145,000 consumers. Govenor Strickland said, "a stolen computer storage device in Ohio had taxpayers and Social Security Numbers of 561,126 people with refund checks on the device". Now it's worse! IDENTITY THEFT PROTECTION-Call: 1-800-251-3803 Code#9685

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This