Stolen car with South Carolina DHEC laptop inside
Technorati Tag: Security Breach
Date Reported:
1/31/08
Organization:
State of South Carolina
Contractor/Consultant/Branch:
Department of Health and Environmental Control
Victims:
"DHEC Region 2 employees in Spartanburg, Cherokee, Union, Greenville and Pickens counties"
Number Affected:
400
Types of Data:
Names and Social Security numbers
Breach Description:
On Tuesday, Jan. 22, a DHEC employee's personal vehicle was stolen from a convenience store near the DHEC Region 2 office in Spartanburg. Inside the vehicle was a DHEC-issued laptop computer which contained sensitive personal information belonging to certain DHEC employees.
Reference URL:
South Carolina DHEC Media Advisory
WYFF Channel 4 News story
WCBD Channel 2 News story
Report Credit:
South Caroline Department of Health and Environmental Control
Response:
From the online sources cited above:
On Tuesday, Jan. 22, a DHEC employee's personal vehicle was stolen from a convenience store near the DHEC Region 2 office in Spartanburg. Inside the vehicle was a DHEC-issued laptop computer. The computer, which is password-protected, contained the names and Social Security numbers of DHEC Region 2 employees in Spartanburg, Cherokee, Union, Greenville and Pickens counties.
[Evan] Why even mention "password-protected"? Aren't all of our computer operating systems password-protected now? Password protection is not an adequate control to protect the confidentiality of sensitive information. I feel bad for the person that had their car stolen though.
DHEC is working closely with the Spartanburg Department of Public Safety and other law enforcement agencies to find the laptop computer and the personal vehicle.
DHEC is notifying appropriate credit reporting bureaus on behalf of the approximately 400 regional employees.
At this time, DHEC has no information or evidence that the employees' Social Security numbers have been used. No other personal information was stored on the computer. The investigation is continuing.
Commentary:
There is not much more information known about this breach as of the time of this writing. The response from the DHEC is short and so is a preventative tip, encrypt laptops containing (or creating, accessing, transferring, etc.) confidential information!
Past Breaches:
Unknown
Date Reported: 1/31/08
Organization:
State of South Carolina
Contractor/Consultant/Branch:
Department of Health and Environmental Control
Victims:
"DHEC Region 2 employees in Spartanburg, Cherokee, Union, Greenville and Pickens counties"
Number Affected:
400
Types of Data:
Names and Social Security numbers
Breach Description:
On Tuesday, Jan. 22, a DHEC employee's personal vehicle was stolen from a convenience store near the DHEC Region 2 office in Spartanburg. Inside the vehicle was a DHEC-issued laptop computer which contained sensitive personal information belonging to certain DHEC employees.
Reference URL:
South Carolina DHEC Media Advisory
WYFF Channel 4 News story
WCBD Channel 2 News story
Report Credit:
South Caroline Department of Health and Environmental Control
Response:
From the online sources cited above:
On Tuesday, Jan. 22, a DHEC employee's personal vehicle was stolen from a convenience store near the DHEC Region 2 office in Spartanburg. Inside the vehicle was a DHEC-issued laptop computer. The computer, which is password-protected, contained the names and Social Security numbers of DHEC Region 2 employees in Spartanburg, Cherokee, Union, Greenville and Pickens counties.
[Evan] Why even mention "password-protected"? Aren't all of our computer operating systems password-protected now? Password protection is not an adequate control to protect the confidentiality of sensitive information. I feel bad for the person that had their car stolen though.
DHEC is working closely with the Spartanburg Department of Public Safety and other law enforcement agencies to find the laptop computer and the personal vehicle.
DHEC is notifying appropriate credit reporting bureaus on behalf of the approximately 400 regional employees.
At this time, DHEC has no information or evidence that the employees' Social Security numbers have been used. No other personal information was stored on the computer. The investigation is continuing.
Commentary:
There is not much more information known about this breach as of the time of this writing. The response from the DHEC is short and so is a preventative tip, encrypt laptops containing (or creating, accessing, transferring, etc.) confidential information!
Past Breaches:
Unknown
Comments