800,000 stolen social security numbers: a 22-year-old scape?
Comments
-
KGhaleon
Member Posts: 1,346 ■■■■□□□□□□
Wow, that's pretty bad. I blame the company for allowing such a thing to take place.
KGPresent goals: MCAS, MCSA, 70-680 -
homerj742
Member Posts: 251
KGhaleon wrote:Wow, that's pretty bad. I blame the company for allowing such a thing to take place.
KG
You don't think letting an intern take the company's unencrypted tapes home is secure?
I don't know what's safer for the tapes, living them in his car, or on top of his tv when he remembered to bring them inside. lol -
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
Let's see...
An intern reports to an intern, who reports to a $125/hour contactor consultant, who reports to a $200/hour contractor consultant...
I wonder what else is going on RIGHT NOW that is putting Ohio tax payers data at risk. This is probably just the tip of the iceberg.All things are possible, only believe. -
keatron
Member Posts: 1,213 ■■■■■■□□□□
That's a common mistake consultants make (sometimes it's intentional). You must make the entity aware (awareness training), of the risks associated with things such as losing any data (risk assessment). Consultants should be vehicles that bring value the process, and operations of securing information. They should enhance this concept, and NEVER be the final decision maker. -
seuss_ssues
Member Posts: 629
1. First off who gives interns responsibility for backup tapes?
2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.
3. If they did have a tape reader there is no indication that they have any intentions of using the information.
4. Shouldn't the data be encrypted? -
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
In Ohio, apparently other interns.seuss_ssues wrote:1. First off who gives interns responsibility for backup tapes?
He probably tried pawning the tape, not even knowing what it was. If the pawn shop owner recognized the possible value, even if only for sale on ebay, the data could still be at risk.seuss_ssues wrote:2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.
Identity theft is a huge industry with ties to organized crime. If the 2-bit punk(s) pawned the tape to a pawn shop owner... see my note above.seuss_ssues wrote:3. If they did have a tape reader there is no indication that they have any intentions of using the information.
Of course. This was just one of the dozens of mistakes made in this incident.seuss_ssues wrote:4. Shouldn't the data be encrypted?All things are possible, only believe. -
empc4000xl
Member Posts: 322
Off site storage shoulda been something like a safe depost box or a some type of place that stores items. Things like these should never be in a persons home.
-
garv221
Member Posts: 1,914
Thats what happens when an IT department becomes relaxed.
Anyone have a contact number for this department? I would love to hire on as the $200/hr guy. -
homerj742
Member Posts: 251
Ohio Plans to Encrypt Data after breach:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9052304&taxonomyId=19&intsrc=kc_top -
JDMurray
Admin Posts: 13,115 Admin
I hope they're planning on using something stronger this time than rot13. -
homerj742
Member Posts: 251
Schluep wrote:
I hope they don't think some encryption software being installed all over the place is going to keep all of their data safe so they can leave it lying around in vehicles.
Yeah, they're probably better off leaving it on top of the TV in the interns apartment. -
Schluep
Member Posts: 346
Ressurecting this thread to post about yet another vanishing tape containing 150,000 Social Security Numbers and Credit Card information for 650,000 people with accounts at retailers such as JC Penny:
http://hosted.ap.org/dynamic/stories/P/PENNEY_DATA_BREACH?SITE=CTDAN&SECTION=HOME&TEMPLATE=DEFAULT
In the past few months most of the data breach stories have been primarily related to back-up media that goes missing. Clearly those with malicious intent have learned something from reading the stories, but the people responsible for properly securing and transporting such data have not.
