Personal information stolen from Georgia DHR
Technorati Tag: Security Breach
Date Reported:
3/21/08
Organization:
State of Georgia
Contractor/Consultant/Branch:
Department of Human Resources
Victims:
Current and former employees
Number Affected:
Unknown
Types of Data:
"names, social security numbers, birth dates, home contact and federal tax information"
Breach Description:
"The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of confidential records that may expose personal employee information."
Reference URL:
Georgia Department of Human Resources
The Lincoln Journal
Report Credit:
Georgia Department of Human Resources
Response:
From the online sources cited above:
The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of confidential records that may expose personal employee information.
An external hard drive that stored a database containing identifying information such as names, social security numbers, birth dates, home contact and federal tax information was removed by an unauthorized person.
The agency warns that the breach took place on or around March 19th.
[Evan] This is a very quick public response by Georgia DHR.
Since discovering the breach, DHR has been working diligently to inform employees of the breach while also conducting an internal investigation led by the Office of Investigative Services.
The agency has also proactively alerted the three credit bureaus about the situation.
[Evan] Using "proactively" is interesting. This seems more reactive to me!
DHR has instituted a new directive which requires password protection on jump and flash drives and portable computer media that contains personnel information.
[Evan] So what? What about encryption? I am interested to see how this works out for DHR.
Additionally, the agency is directing employees to secure these items when away from their desks and offices.
While DHR has no evidence that the information is being used fraudulently, the agency is taking every immediate measure to limit the possibility of potential fraud and identity theft.
Georgia law indicates that all residents are to receive two credit reports free of charge each year. The agency urges employees to retrieve a copy of their credit report and request a fraud alert be placed on their records. Employees should contact each credit bureau at the following: Experian, P. O. Box 9595, Allen, TX 75013-9595 Tel: ; Equifax, P. O. Box 740241, Atlanta, GA 30374-0241 Tel: ; and Trans Union, P. O. Box 1000, Chester, PA 19022 Tel: .
Commentary:
I have more questions than answers about this breach. DHR is mandating password protection with no mention of encryption. I wonder if encryption is meant to be implied and how DHR will enforce the new directive.
Past Breaches:
Unknown
Date Reported:3/21/08
Organization:
State of Georgia
Contractor/Consultant/Branch:
Department of Human Resources
Victims:
Current and former employees
Number Affected:
Unknown
Types of Data:
"names, social security numbers, birth dates, home contact and federal tax information"
Breach Description:
"The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of confidential records that may expose personal employee information."
Reference URL:
Georgia Department of Human Resources
The Lincoln Journal
Report Credit:
Georgia Department of Human Resources
Response:
From the online sources cited above:
The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of confidential records that may expose personal employee information.
An external hard drive that stored a database containing identifying information such as names, social security numbers, birth dates, home contact and federal tax information was removed by an unauthorized person.
The agency warns that the breach took place on or around March 19th.
[Evan] This is a very quick public response by Georgia DHR.
Since discovering the breach, DHR has been working diligently to inform employees of the breach while also conducting an internal investigation led by the Office of Investigative Services.
The agency has also proactively alerted the three credit bureaus about the situation.
[Evan] Using "proactively" is interesting. This seems more reactive to me!
DHR has instituted a new directive which requires password protection on jump and flash drives and portable computer media that contains personnel information.
[Evan] So what? What about encryption? I am interested to see how this works out for DHR.
Additionally, the agency is directing employees to secure these items when away from their desks and offices.
While DHR has no evidence that the information is being used fraudulently, the agency is taking every immediate measure to limit the possibility of potential fraud and identity theft.
Georgia law indicates that all residents are to receive two credit reports free of charge each year. The agency urges employees to retrieve a copy of their credit report and request a fraud alert be placed on their records. Employees should contact each credit bureau at the following: Experian, P. O. Box 9595, Allen, TX 75013-9595 Tel: ; Equifax, P. O. Box 740241, Atlanta, GA 30374-0241 Tel: ; and Trans Union, P. O. Box 1000, Chester, PA 19022 Tel: .
Commentary:
I have more questions than answers about this breach. DHR is mandating password protection with no mention of encryption. I wonder if encryption is meant to be implied and how DHR will enforce the new directive.
Past Breaches:
Unknown
Posts Atom 1.0
This is not the first time that "current and former employees" information has been stolen. About a year ago, the same thing happened, and another incident took place where they had given away some computers from the agency that still included all confidential information of clients, etc. readily available upon bootup.
Reply to this