I used to think it was bad when the local news would run scare stories about hackers breaking into your computer if you left it plugged in. No, not turned on and online or even on with the modem plugged in...just plugged into the wall.

Looking back, I should have supported those urban legends. Maybe if stupid people were paranoid enough they'd leave computers alone.


Data on 64,000 Ohio state workers stolen
http://www.chron.com/disp/story.mpl/...n/4894981.html

COLUMBUS, Ohio A data storage device with the Social Security numbers and other personal information on all 64,000 Ohio state employees was stolen from a state intern's car last weekend, Gov. Ted Strickland said Friday.

Late Friday, the governor's office said the storage device also may have held information about participants in the state's pharmacy benefits management program and the names and Social Security numbers of their dependents.

Strickland said it takes special equipment to access the information on the device, so he doesn't believe the workers' privacy is in jeopardy.

"I don't mean to alarm people unnecessarily," he said. "There's no reason to believe a breach of information has occurred."

Strickland said he was not allowed to specifically describe the computer device or other details surrounding the theft, under direction from law enforcement investigating the theft.

The device listed in a police report as being worth $15 was reported stolen along with a $200 radar detector out of 22-year-old Jared Ilovar's car. [Ok, so 99% chance it was a USB thumbdrive.]

Ilovar, a college senior making $10.50 an hour as an intern with the Office of Management and Budget, was assigned to work on the state's $158 million payroll and accounting system.

A message seeking comment was left for Ilovar.

Dawn Rice, an employee in the state Senate clerk's office, wasn't that bothered that sensitive information was being transported in cars on inexpensive equipment.

"I think it's not that big of a deal," she said. "The person who stole it would really have to know what he's doing." [And what encryption do you use Ms. Rice?]

[Curiously that very word was used in an updated release]
What officials don't know is whether the thief is an unsuspecting common car burglar or a computer-literate opportunist with the capability of unlocking the code encrypting thousands of Social Security numbers.
[Bet ya the data isn't encrypted, rather the drive is using a PW. Anyone with the least interest can get by a password so long as they have unrestricted access to the hardware. Chances are it was a simple smash and grab robbery and nothing will come of it, but that doesn't excuse them in the least.]

It was just the latest case of personal information on thousands of employees disappearing or being inappropriately accessed. Several universities, corporations and even the Veterans Affairs Department have reported lost or stolen data.

In the Ohio case, Strickland said the state would provide employees access to free identity protection services for the next year, a cost he estimated at about $660,000. [Your tax dollars at work!]

He also issued an executive order to change state procedures for handling such data.

Under protocol in place since 2002, a first backup storage device is kept at a temporary work site for a state office along with the computer system that holds all the employee information, and a second backup device is given to employees on a rotating basis to take home for safekeeping, officials said. [Offsite redundant storage solution...right, ok, no. Retake that luncheon seminar on security.]

Strickland said it was inappropriate for an intern to be designated that responsibility, and he ordered an end to the practice of employees taking the devices home. State Budget Director Pari Sabety said the device now would be stored in another location in a locked, fireproof box.