I discovered a long time ago, it would be pretty hard to keep up with all the data-breaches. After all, they seem to happen with alarming frequency.
The most recent blunder, enabled by a State of Ohio security procedure, illustrates how not very secure a lot of personal information is.
Stephen Majors of the AP (courtesy of Forbes) is reporting:
A 22-year-old intern was given the responsibility of safeguarding the personal information of thousands of state employees, a security procedure that ended up backfiring.
The names and Social Security numbers of all 64,000 Ohio state employees were stolen last weekend from a state agency intern who left a backup data storage device in his car, Gov. Ted Strickland said Friday.
Interesting, a security procedure that backfired?
The AP story gives more details on this:
Under protocol in place since 2002, a first backup storage device is kept at a temporary work site for a state office along with the computer system that holds all the employee information, and a second backup device is given to employees on a rotating basis to take home for safekeeping, officials said
I guess this means that rotating employees have the ability to take this “storage device” home — and if any of them happened to be dishonest — it wouldn’t be very hard to make a copy. Information is bought and sold by data-brokers, and criminals, alike. The reason for this is because it makes them a lot of money.
Of course, the official spin artists, aren’t stating exactly what the device is. The Police report states that it’s worth about $15, which isn’t very expensive, and therefore probaby isn’t very secure (my guess).
Governor Strickland was quoted in the article as saying:
“I don’t mean to alarm people unnecessarily.” “There’s no reason to believe a breach of information has occurred.”
Sadly enough, this might make sense — when information is protected like this, it probably could have been copied long ago — and no one would know any better. It wouldn’t be necessary to go through all the trouble of breaking into a car to steal it.
With security like this, the information could have been compromised a long time ago.
Governor Strickland’s site, which offers the “official spin” and free identity theft protection for the most recently “compromised,” can be seen, here.
AP Story, here.
The Privacy Rights Clearinghouse and Attrition.org do have people, who have the time to keep up on all the data-breaches, in case anyone wants to take a detailed look at the problem.
This information is worth money, here is a post about how it is being sold right on the Internet:
Information Week exposes the Internet Underworld
Insider theft is nothing new, and should be a concern when protecting information. As long as information is worth a lot of money, insiders will probably be solicited for it. Here is a post, I wrote about this matter:
Why it’s become TOO easy for restaurant workers to skim payment cards
Loading ...
1 user commented in " Ohio data breach reveals how “not very secure” personal information is "
Follow-up comment rss or Leave a TrackbackThe most alarming part of this article is the Ohio Governor’s statement indicating, because they don’t believe a breach of information has occurred, the victims needn’t be concerned. One, a breach of information did occur when the idiot intern left the storage device in his car as fair game for thieves. Think about it. Since there is no real value to something like this, why else would they steal it, except for the data. Two, Even if it were petty thieves, the awareness is high enough that, when they realize what they have, they’ll sell it to the highest bidder. Three, this is such an organized crime event now that the culprits hold the data until the heat is off, then use it when the victim is least suspecting.
The only answer is to give control over our names and personal data to the individual and compensate them when it is sold. You can read more in my blog, “The DunningLetter,” at: http://www.thedunningletter.blogspot.com.
Jack E. Dunning
Cave Creek, AZ
Leave A Reply