Former employee takes Ohio police and fire retiree information
Date Reported:
8/27/08
Organization:
Ohio Police & Fire Pension Fund
Contractor/Consultant/Branch:
None
Victims:
"retired Ohio police officers and firefighters"
Number Affected:
"about 13,000"
Types of Data:
"names, addresses and Social Security numbers"
Breach Description:
"A database that contains the names, addresses and Social Security numbers of 13,000 retired Ohio police officers was improperly transmitted by a retired Ohio Police & Fire Pension Fund employee, officials said Wednesday."
Reference URL:
The Enquirer
Associated Press via WTTE FOX Channel 28 News
The Columbus Dispatch
Report Credit:
Jon Craig, The Enquirer
Response:
From the online sources cited above:
COLUMBUS, Ohio (AP) -- The retirement system for Ohio police officers and firefighters told its members this week that some personal information had been improperly released.
The Ohio Police and Fire Pension Fund told about 13,000 members that their names, addresses and Social Security numbers were released.
The system has about 24,000 members.
The fund says a former mailroom supervisor forwarded the information from his work e-mail address to his personal e-mail address before quitting his job Aug. 15.
[Evan] I am sure that these types of occurrences happen much more often than they are reported. The last two organizations that I worked with were both found to be sending extremely sensitive information to personal email accounts. The people were using personal email as a matter of convenience, while completely unaware of the risks involved.
Pension officials said there's no reason to think that the ex-employee, 56-year-old Richard A. Conway, is misusing the information or forwarding it to others.
[Evan] Read on. If Mr. Conway had noble intentions, then why does he refuse to return the information and sign an affidavit stating that he will not use or forward the information?
"We just don't believe that there was malicious intent for personal gain, but he did violate our policies by taking this information out of the building," said William Estabrook, executive director of the pension system.
[Evan] I appreciate the fact that the organization has policies against this type of information use, but I question how these things are enforced.
On Aug. 18, Estabrook sent Conway a certified letter in which he asked the former employee to state in writing that he would not use the forwarded information for any purpose, including charitable solicitations.
Conway did not respond by the Aug. 22 deadline, Estabrook said.
[Evan] Why? What are Mr. Conway's motives?
The matter was turned over to Columbus police yesterday, he said.
Conway could not be reached for comment.
Pension officials discovered the breach when they noticed an unusually large file attachment from Conway's state e-mail account to what appeared to be a personal address.
[Evan] Kudos to the Ohio Police and Fire Pension Fund. A vast majority of organizations would have never discovered anything unusual.
Conway has assured an attorney for the pension system that he has no intention of misusing the data, but he would not put that into writing, pension officials said.
Commentary:
Is Mr. Conway holding the personal information belonging to these former employees hostage in order to make some kind of statement? We know very little about this incident, but I don't hold Mr. Conway in a favorable light. Playing with fire.
Past Breaches:
Unknown