800,000 stolen social security numbers: a 22-year-old scape?

homerj742

http://tech.blorge.com/Structure:%20/2007/07/26/800000-stolen-social-security-numbers-a-22-year-old-scapegoat/

KGhaleon

Wow, that's pretty bad. I blame the company for allowing such a thing to take place.

KG

homerj742

KGhaleon wrote:

Wow, that's pretty bad. I blame the company for allowing such a thing to take place.

KG

You don't think letting an intern take the company's unencrypted tapes home is secure?

I don't know what's safer for the tapes, living them in his car, or on top of his tv when he remembered to bring them inside. lol

JDMurray

homerj742 wrote:

I don't know what's safer for the tapes, living them in his car, or on top of his tv when he remembered to bring them inside. lol

The tapes were probably partially degaussed by the TV, so they may be unreadable.

sprkymrk

Let's see...

An intern reports to an intern, who reports to a $125/hour contactor consultant, who reports to a $200/hour contractor consultant...

I wonder what else is going on RIGHT NOW that is putting Ohio tax payers data at risk. This is probably just the tip of the iceberg.

keatron

That's a common mistake consultants make (sometimes it's intentional). You must make the entity aware (awareness training), of the risks associated with things such as losing any data (risk assessment). Consultants should be vehicles that bring value the process, and operations of securing information. They should enhance this concept, and NEVER be the final decision maker.

seuss_ssues

1. First off who gives interns responsibility for backup tapes?
2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.
3. If they did have a tape reader there is no indication that they have any intentions of using the information.
4. Shouldn't the data be encrypted?

sprkymrk

seuss_ssues wrote:

1. First off who gives interns responsibility for backup tapes?

In Ohio, apparently other interns.

seuss_ssues wrote:

2. I highly doubt the person who "broke into 5 cars" has a tape reader on his computer.

He probably tried pawning the tape, not even knowing what it was. If the pawn shop owner recognized the possible value, even if only for sale on ebay, the data could still be at risk.

seuss_ssues wrote:

3. If they did have a tape reader there is no indication that they have any intentions of using the information.

Identity theft is a huge industry with ties to organized crime. If the 2-bit punk(s) pawned the tape to a pawn shop owner... see my note above.

seuss_ssues wrote:

4. Shouldn't the data be encrypted?

Of course. This was just one of the dozens of mistakes made in this incident.

empc4000xl

Off site storage shoulda been something like a safe depost box or a some type of place that stores items. Things like these should never be in a persons home.

shednik

WOW is all i have to say...

garv221

Thats what happens when an IT department becomes relaxed.

Anyone have a contact number for this department? I would love to hire on as the $200/hr guy.

homerj742

Ohio Plans to Encrypt Data after breach:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9052304&taxonomyId=19&intsrc=kc_top

JDMurray

I hope they're planning on using something stronger this time than rot13.

Schluep

JDMurray wrote:

I hope they're planning on using something stronger this time than rot13.

I hope they don't think some encryption software being installed all over the place is going to keep all of their data safe so they can leave it lying around in vehicles.

homerj742

Schluep wrote:

JDMurray wrote:

I hope they're planning on using something stronger this time than rot13.

I hope they don't think some encryption software being installed all over the place is going to keep all of their data safe so they can leave it lying around in vehicles.

Yeah, they're probably better off leaving it on top of the TV in the interns apartment.

Schluep

Ressurecting this thread to post about yet another vanishing tape containing 150,000 Social Security Numbers and Credit Card information for 650,000 people with accounts at retailers such as JC Penny:

http://hosted.ap.org/dynamic/stories/P/PENNEY_DATA_BREACH?SITE=CTDAN&SECTION=HOME&TEMPLATE=DEFAULT

In the past few months most of the data breach stories have been primarily related to back-up media that goes missing. Clearly those with malicious intent have learned something from reading the stories, but the people responsible for properly securing and transporting such data have not.