N.C. seniors affected by stolen laptop
Technorati Tag: Security Breach
Date Reported:
11/05/08
Organization:
State of North Carolina
Contractor/Consultant/Branch:
Department of Health and Human Services
Division of Aging and Adult Services
Location:
Raleigh, North Carolina*
*the incident occurred in Atlanta, Georgia
Victims:
Clients
Number Affected:
"as many as 80,000"
Types of Data:
Names, Social Security numbers and other personal information
Breach Description:
"Raleigh, N.C. - A laptop computer belonging to an employee of the state Division of Aging and Adult Services was stolen in Atlanta last month as the employee was returning from a conference, state officials said Wednesday."
Reference URL:
WRAL Channel 5 News
Associated Press via WCSC Channel 5 News
Asheville Citizen-Times
United Press International
Salisbury Post
Report Credit:
WRAL Channel 5 News
Response:
From the online sources cited above:
Raleigh, N.C. - A laptop computer belonging to an employee of the state Division of Aging and Adult Services was stolen in Atlanta last month as the employee was returning from a conference, state officials said Wednesday.
The laptop contains personal information about some clients receiving home and community services from DAAS
The files have Social Security numbers and other personal information of seniors across the state.
[Evan] Is this business as usual, or is this some kind of exception at DAAS? Is it acceptable for DAAS employees to carry sensitive personal information on poorly secured laptops wherever they go? I don't get it. Negligence, ignorance, or both?
The laptop may have contained as many as 80,000 senior citizens' files.
state officials have contacted those people since the Oct. 25 incident to alert them to the potential for identity theft
The computer disappeared from an airport shuttle bus on Oct. 25
The information on the laptop was password-protected, officials said.
[Evan] So what?! I hope people aren't fooled into believing that password protection is anything more than a nuisance to anyone who wants to see what's stored on the laptop. It is not adequate protection in and of itself.
A second group of DAAS clients will receive a different letter informing them that certain information about them was on the laptop and that they should be cautious of unusual phone calls or other inquiries
[Evan] What really stinks is the fact that senior citizens are typically easier prey for scammers.
seniors shouldn't panic over the letter
[Evan] Agreed. Panic no, concern yes. Panic is rarely a good reaction to anything.
Anyone with questions or concerns is asked to call the state Department of Health and Human Services CARE-LINE, Information and Referral Service at 1- or 1- for hearing-impaired people.
Division director Dennis Streets said he's sorry for what happened and will work with Atlanta police in the hopes the computer will be recovered.
DAAS also contacted the State Bureau of Investigations and the Consumer Protection Section of the Attorney General's Office.
Commentary:
I did not read any reference to encryption, so I am assuming that this laptop was not encrypted. I also don't think that it is too much of a stretch to assume all laptops used by DAAS are unencrypted. What do organizations use as excuses for incidents such as this? How long will poor basic security be accepted? I would love to know what DAAS is planning to do in order to prevent a similar incident from occurring in the future. Ugh.
Past Breaches:
Unknown
Date Reported:11/05/08
Organization:
State of North Carolina
Contractor/Consultant/Branch:
Department of Health and Human Services
Division of Aging and Adult Services
Location:
Raleigh, North Carolina*
*the incident occurred in Atlanta, Georgia
Victims:
Clients
Number Affected:
"as many as 80,000"
Types of Data:
Names, Social Security numbers and other personal information
Breach Description:
"Raleigh, N.C. - A laptop computer belonging to an employee of the state Division of Aging and Adult Services was stolen in Atlanta last month as the employee was returning from a conference, state officials said Wednesday."
Reference URL:
WRAL Channel 5 News
Associated Press via WCSC Channel 5 News
Asheville Citizen-Times
United Press International
Salisbury Post
Report Credit:
WRAL Channel 5 News
Response:
From the online sources cited above:
Raleigh, N.C. - A laptop computer belonging to an employee of the state Division of Aging and Adult Services was stolen in Atlanta last month as the employee was returning from a conference, state officials said Wednesday.
The laptop contains personal information about some clients receiving home and community services from DAAS
The files have Social Security numbers and other personal information of seniors across the state.
[Evan] Is this business as usual, or is this some kind of exception at DAAS? Is it acceptable for DAAS employees to carry sensitive personal information on poorly secured laptops wherever they go? I don't get it. Negligence, ignorance, or both?
The laptop may have contained as many as 80,000 senior citizens' files.
state officials have contacted those people since the Oct. 25 incident to alert them to the potential for identity theft
The computer disappeared from an airport shuttle bus on Oct. 25
The information on the laptop was password-protected, officials said.
[Evan] So what?! I hope people aren't fooled into believing that password protection is anything more than a nuisance to anyone who wants to see what's stored on the laptop. It is not adequate protection in and of itself.
A second group of DAAS clients will receive a different letter informing them that certain information about them was on the laptop and that they should be cautious of unusual phone calls or other inquiries
[Evan] What really stinks is the fact that senior citizens are typically easier prey for scammers.
seniors shouldn't panic over the letter
[Evan] Agreed. Panic no, concern yes. Panic is rarely a good reaction to anything.
Anyone with questions or concerns is asked to call the state Department of Health and Human Services CARE-LINE, Information and Referral Service at 1- or 1- for hearing-impaired people.
Division director Dennis Streets said he's sorry for what happened and will work with Atlanta police in the hopes the computer will be recovered.
DAAS also contacted the State Bureau of Investigations and the Consumer Protection Section of the Attorney General's Office.
Commentary:
I did not read any reference to encryption, so I am assuming that this laptop was not encrypted. I also don't think that it is too much of a stretch to assume all laptops used by DAAS are unencrypted. What do organizations use as excuses for incidents such as this? How long will poor basic security be accepted? I would love to know what DAAS is planning to do in order to prevent a similar incident from occurring in the future. Ugh.
Past Breaches:
Unknown
Posts Atom 1.0
Comments