Stolen Utah Department of Workforce Services laptop exposes 2,000
Technorati Tag: Security Breach
Date Reported:
9/24/07
Organization:
State of Utah
Contractor/Consultant:
Department of Workforce Services
Victims:
Department of Workforce Services clients/job seekers
Number Affected:
2,000
Types of Data:
Social Security number and "other personal information"
Breach Description:
A laptop was reported stolen and on it was a spreadsheet containing personal information on roughly 2,000 Utah Department of Workforce Services customers.
Reference URL:
Deseret Morning Online Article
Report Credit:
Deseret Morning News
Response:
From the online resource referenced above:
"A laptop computer containing a spreadsheet with the the Social Security numbers and other personal information of about 2,000 people was reported stolen today by the Utah Department of Workforce Services"
"The computer is password-protected, making it less likely an unauthorized person would be able to access its contents, according to a DWS press release."
[Comfyllama] Ugh! Every time I see this "password-protected" response, I get irked! I have said this before, and I will say it again, PASSWORD PROTECTION IS NO PROTECTION, especially on Windows computers. When an organization says something like this it makes me think one of two things, either they know that password protection really means nothing and they are trying to fool victims or the organization is truly clueless with information security matters and actually thinks password protection is sufficient. You be the judge.
"DWS is reviewing its policies with all employees to prevent a similar theft in the future."
[Comfyllama] I would love to see what the "policies" are.
"The department is individually contacting every person listed on the spreadsheet to let them know that their personal information may have been compromised. DWS promised to help any individuals who experience problems stemming from the theft."
[Comfyllama] This can't be cheap. Utah tax payers are paying for it.
Commentary:
You may have noticed my demeanor when writing this post. I'm trying to figure it out. Maybe I'm just crabby today, maybe I am getting ticked off with organizations that treat data they DO NOT own (the data belongs to the victims) with little regard to it's confidentiality, maybe both.
Two lessons from this breach:
- Confidential data should not be stored on a laptop unless absolutely necessary.
- If it is absolutely necessary to store confidential information on a laptop, encrypt it!
Past Breaches:
Unknown
Date Reported:
9/24/07Organization:
State of Utah
Contractor/Consultant:
Department of Workforce Services
Victims:
Department of Workforce Services clients/job seekers
Number Affected:
2,000
Types of Data:
Social Security number and "other personal information"
Breach Description:
A laptop was reported stolen and on it was a spreadsheet containing personal information on roughly 2,000 Utah Department of Workforce Services customers.
Reference URL:
Deseret Morning Online Article
Report Credit:
Deseret Morning News
Response:
From the online resource referenced above:
"A laptop computer containing a spreadsheet with the the Social Security numbers and other personal information of about 2,000 people was reported stolen today by the Utah Department of Workforce Services"
"The computer is password-protected, making it less likely an unauthorized person would be able to access its contents, according to a DWS press release."
[Comfyllama] Ugh! Every time I see this "password-protected" response, I get irked! I have said this before, and I will say it again, PASSWORD PROTECTION IS NO PROTECTION, especially on Windows computers. When an organization says something like this it makes me think one of two things, either they know that password protection really means nothing and they are trying to fool victims or the organization is truly clueless with information security matters and actually thinks password protection is sufficient. You be the judge.
"DWS is reviewing its policies with all employees to prevent a similar theft in the future."
[Comfyllama] I would love to see what the "policies" are.
"The department is individually contacting every person listed on the spreadsheet to let them know that their personal information may have been compromised. DWS promised to help any individuals who experience problems stemming from the theft."
[Comfyllama] This can't be cheap. Utah tax payers are paying for it.
Commentary:
You may have noticed my demeanor when writing this post. I'm trying to figure it out. Maybe I'm just crabby today, maybe I am getting ticked off with organizations that treat data they DO NOT own (the data belongs to the victims) with little regard to it's confidentiality, maybe both.
Two lessons from this breach:
- Confidential data should not be stored on a laptop unless absolutely necessary.
- If it is absolutely necessary to store confidential information on a laptop, encrypt it!
Past Breaches:
Unknown
Posts Atom 1.0
Comments