City of Goodyear alerts nearly 570 employees of compromise
Technorati Tag: Security Breach
Date Reported:
10/25/08
Organization:
City of Goodyear (AZ)
Contractor/Consultant/Branch:
None
Location:
Goodyear, Arizona
Victims:
Employees
Number Affected:
"nearly 570"
Types of Data:
Social Security numbers
Breach Description:
"Goodyear is offering identity-theft protection to nearly 570 city employees after a list of their Social Security numbers was stolen from the car of a staffer who had taken the data home."
Reference URL:
The Arizona Republic
Report Credit:
Elias C. Arnold, The Arizona Republic and a special thanks to informed reader Rob at InsideIDTheft.info
Response:
From the online source cited above:
Goodyear is offering identity-theft protection to nearly 570 city employees after a list of their Social Security numbers was stolen from the car of a staffer who had taken the data home.
"The information should never have left the city and steps have already been taken to insure that this does not reoccur," City Manager John Fischbach wrote in an e-mail sent Thursday to city staff.
[Evan] This is assuming that the data would have been more secure at "the city". I would be interested in the steps the city has taken to insure this type of incident doesn't happen again.
Burglars reportedly took the list late Wednesday while the employee's car was parked at her Glendale home. They stole a video game system and a CD case with the list inside.
[Evan] Does this mean that the list was stored on a CD? Most PCs and laptops come equipped with CD/DVD burners now, and I don't think all that many organizations disable or remove them.
City officials recovered the list Friday.
A nearby resident called the city to report finding the list in their yard.
[Evan] Thank God. The thief must have left it behind not believing the CD had any value to him/her.
According to Fischbach, the employee took the list from city hall to verify medical insurance billing while she took care of a sick child at home.
She received a written reprimand.
[Evan] Is there a policy prohibiting the removal of confidential information on mobile media? If so, are all employees made aware of the policy and how to comply? It is easy to write policy, but policy is useless if nobody knows about it (or what it says).
In an interview Thursday, Fischbach said the employee could have kept the theft quiet but instead reported it to management.
"Quite frankly, she's to be commended," he said.
[Evan] Really?
The city will pay California-based TrustedID $6,500 for the identity theft protection service.
Goodyear will offer the added security for a year.
It also plans to review its policy requiring staff to protect confidential information.
Commentary:
We make things so convenient, don't we? Thousands of employees working for thousands of organizations take sensitive information home with them everyday on mobile devices and media.
Past Breaches:
Unknown
Date Reported:10/25/08
Organization:
City of Goodyear (AZ)
Contractor/Consultant/Branch:
None
Location:
Goodyear, Arizona
Victims:
Employees
Number Affected:
"nearly 570"
Types of Data:
Social Security numbers
Breach Description:
"Goodyear is offering identity-theft protection to nearly 570 city employees after a list of their Social Security numbers was stolen from the car of a staffer who had taken the data home."
Reference URL:
The Arizona Republic
Report Credit:
Elias C. Arnold, The Arizona Republic and a special thanks to informed reader Rob at InsideIDTheft.info
Response:
From the online source cited above:
Goodyear is offering identity-theft protection to nearly 570 city employees after a list of their Social Security numbers was stolen from the car of a staffer who had taken the data home.
"The information should never have left the city and steps have already been taken to insure that this does not reoccur," City Manager John Fischbach wrote in an e-mail sent Thursday to city staff.
[Evan] This is assuming that the data would have been more secure at "the city". I would be interested in the steps the city has taken to insure this type of incident doesn't happen again.
Burglars reportedly took the list late Wednesday while the employee's car was parked at her Glendale home. They stole a video game system and a CD case with the list inside.
[Evan] Does this mean that the list was stored on a CD? Most PCs and laptops come equipped with CD/DVD burners now, and I don't think all that many organizations disable or remove them.
City officials recovered the list Friday.
A nearby resident called the city to report finding the list in their yard.
[Evan] Thank God. The thief must have left it behind not believing the CD had any value to him/her.
According to Fischbach, the employee took the list from city hall to verify medical insurance billing while she took care of a sick child at home.
She received a written reprimand.
[Evan] Is there a policy prohibiting the removal of confidential information on mobile media? If so, are all employees made aware of the policy and how to comply? It is easy to write policy, but policy is useless if nobody knows about it (or what it says).
In an interview Thursday, Fischbach said the employee could have kept the theft quiet but instead reported it to management.
"Quite frankly, she's to be commended," he said.
[Evan] Really?
The city will pay California-based TrustedID $6,500 for the identity theft protection service.
Goodyear will offer the added security for a year.
It also plans to review its policy requiring staff to protect confidential information.
Commentary:
We make things so convenient, don't we? Thousands of employees working for thousands of organizations take sensitive information home with them everyday on mobile devices and media.
Past Breaches:
Unknown
Posts Atom 1.0
Comments