Pennsylvania Department of Aging seniors affected by stolen laptop
Date Reported:
12/19/07
Organization:
State of Pennsylvania
Contractor/Consultant/Branch:
Department of Aging
Victims:
Pennsylvania senior citizens
Number Affected:
21,000
Types of Data:
Names, addresses, Social Security numbers, medical information and list of services received from the state.
Breach Description:
A laptop computer containing sensitive personal information belonging to Pennsylvania senior citizens was stolen from a Department of Aging employee's home on December 5, 2007.
Reference URL:
Patriot News Story (original)
Patriot News Story (updated)
Report Credit:
Jan Murphy, Patriot News
Response:
From the online sources cited above:
A state Department of Aging-owned laptop computer containing personal information on nearly 21,000 senior citizens was stolen from a Johnstown home during a Dec. 5 break-in.
The computer was issued to a department employee who works with the agencies on aging in Indiana, Union, Snyder and Clearfield counties
Police suspect the computer was taken for its street value
[Evan] Why would they suspect this? Criminals are not too bright for the most part, but the value of the computer is maybe $1,500. The value of the information is maybe $20+ per record (depending on quality). $20 x 21,000 = $420,000! $420,000 or $1,500?
There have been no reports of misuse of the information, which included names, addresses, Social Security numbers, some medical information and the services clients received
The affected seniors are in the process of being notified, and credit protection from TransUnion will be provided for 90 days at a cost to the state of $23,000
[Evan] 90 days? Why even bother?
Seniors then have the option of having the credit protection extended for a year at the state's expense.
Information on the computer was double password protected
[Evan] Oooh. Double password protected?! Nothing more than a minor nuisance to circumvent.
the department was in the process of encrypting computers and has since completed that work to provide additional protection
[Evan] Amen! The department has seen the light!
It also is in the process of centralizing information about clients so that the information does not have to be downloaded onto laptops when employees are out in the field, but that work is not completed
[Evan] Another good security practice.
Commentary:
The Pennsylvania Department of Aging should be commended for their decision to encrypt computers (complete) and centralize confidential information (in-process). These are two wise security decisions that will reduce the risk of future exposure. Obviously, there is much more that goes into an effective information security program and risk management, but we can assume that the department is taking these matters very seriously. Maybe the four breaches occurring at the State of Pennsylvania in the past four months spurred the changes, or maybe they were already in the process of making changes and these are unfortunate circumstances.
It stinks that these 21,000 seniors were on a computer that had not yet been encrypted.
Past Breaches:
December, 2007 - Stolen Pennsylvania Department of Public Welfare computer
September, 2007 - Pennsylvania Department of the Auditor General stolen laptop
September, 2007 - Stolen Pennsylvania Department of Public Welfare computers, 375,000 victims
