News Currents
Ohio Gov. changes security procedure after workers’ data stolen
A 22-year-old intern was given the responsibility of safeguarding the personal information of thousands of state employees in Ohio, a security procedure that ended up backfiring.
The names and Social Security numbers of all 64,000 Ohio state employees were stolen from a state agency intern who left a backup data storage device in his car, Gov. Ted Strickland said on June 15.
An additional review of data revealed that the storage device also may have held information about participants in the state’s pharmacy benefits management program and the names and Social Security numbers of their dependents. Strickland has asked Ohio Inspector General Tom Charles to investigate.
What officials don’t know is whether the thief is an unsuspecting common car burglar or a computer-literate opportunist with the capability of unlocking the code encrypting thousands of Social Security numbers.
Either way, Strickland said the security procedure failed, and he issued an executive order to change the practices for handling state data.
Officials were still determining whether the storage device contains any other personal information.
“I don’t mean to alarm people unnecessarily,” Strickland said. “There’s no reason to believe a breach of information has occurred.”
The governor said he was not allowed to specifically describe the computer device or other details surrounding the theft, under direction from law enforcement.
The device, listed in a police report as being worth $15, was reported stolen along with a $200 radar detector out of Jared Ilovar’s car.
A message seeking comment was left for Ilovar, a college senior making $10.50 an hour as an intern with the Office of Management and Budget.
Under protocol in place since 2002, a first backup storage device is kept at a temporary work site for a state office along with the computer system that holds all the employee information, and a second backup device is given to employees on a rotating basis to take home for safekeeping, officials said.
Strickland said it was inappropriate for an intern to be designated that responsibility, and he ordered an end to the practice of employees taking the devices home. State Budget Director Pari Sabety said the device now would be stored in another location in a locked, fireproof box.
It was just the latest case of personal information on thousands of employees disappearing or being inappropriately ac-cessed. Several universities, including Ohio State University and Ohio University, and even the Veterans Affairs Department have reported lost or stolen data.
Copyright 2007Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
- My Safe Florida Condo Program Runs Out of Funding in One Week
- Global Non-Life Insurance Rates ‘Plateauing’ but Nat Cat Losses Delay Market Softening
- Gunmaker Sig Sauer Must Pay $11 Million Over Pistol That Fired Accidentally
- Arbitration Claims Against LNG Exporter Venture Global Reach Close to $6 Billion