Georgia parolee information lost on stolen computer
Technorati Tag: Security Breach
Date Reported:
2/3/09
Organization:
State of Georgia
Contractor/Consultant/Branch:
State Board of Pardons and Paroles
Location:
Roswell, Georgia
Victims:
"current and past parolees supervised by the agency since 1998"
Number Affected:
Unknown
Types of Data:
"names, dates of birth and social security numbers"
Breach Description:
The Georgia State Board of Pardons and Paroles has issued a News Release announcing the theft of a computer from a contractor working on behalf of the agency. The computer contained sensitive information belonging to certain current and former parolees.
Reference URL:
State Board of Pardons and Paroles News Release
The Daily Citizen
Report Credit:
The State Board of Pardons and Paroles
Response:
From the online sources cited above:
Atlanta, GA – Late last week, the offices of a state contractor in Roswell, Georgia, were burglarized and a computer was stolen.
[Evan] Should the State Board of Pardons and Paroles require sensitive information encryption from their contractors and other third-party partners?
The contractor was working with the agency to convert its Case Management System to a newer technology.
Although the stolen computer was the property of the contractor, it did contain state information on current and past parolees supervised by the agency since 1998.
[Evan] I assume that some of these current and past parolees are trying to live within the law now, and I would think that they have enough going against them as it is.
Information regarding current and past parolees that was lost in the burglary includes names, dates of birth and social security numbers.
Persons who have solely been supervised as probationers were not a part of this database.
The information was secured by multiple levels of passwords, and there is no evidence that it has been accessed or compromised.
[Evan] Multiple levels of passwords? It's harder to manage (create, store, remember, etc.) multiple passwords than it would be to just encrypt the hard drive, don't you think? Do you think there is a chance that the passwords were written down nearby?
Local authorities and the Georgia Bureau of Investigation are actively investigating the burglary.
As a precaution, current and former parolees should check banking and credit accounts for any indication that someone else is using their personal information, and remember to monitor the use of their personal information by regularly requesting a credit report.
Anyone who believes that they have experienced identity theft or unauthorized use of their personal information should inform their local law enforcement officials.
[Evan] Yeah, call local law enforcement. Don't bother the board!
Commentary:
It seems as though hard drive and/or data encryption is still sorely lacking globally. I wouldn't be surprised if we start to see more laws and regulations that will require data-at-rest and data-in-transit encryption. Unfortunately there are too many organizations that don't do the right thing, so they have to be told and sometime forced to.
Past Breaches:
State of Georgia:
March, 2008 -
Personal information stolen from Georgia DHR

2/3/09
Organization:
State of Georgia
Contractor/Consultant/Branch:
State Board of Pardons and Paroles
Location:
Roswell, Georgia
Victims:
"current and past parolees supervised by the agency since 1998"
Number Affected:
Unknown
Types of Data:
"names, dates of birth and social security numbers"
Breach Description:
The Georgia State Board of Pardons and Paroles has issued a News Release announcing the theft of a computer from a contractor working on behalf of the agency. The computer contained sensitive information belonging to certain current and former parolees.
Reference URL:
State Board of Pardons and Paroles News Release
The Daily Citizen
Report Credit:
The State Board of Pardons and Paroles
Response:
From the online sources cited above:
Atlanta, GA – Late last week, the offices of a state contractor in Roswell, Georgia, were burglarized and a computer was stolen.
[Evan] Should the State Board of Pardons and Paroles require sensitive information encryption from their contractors and other third-party partners?
The contractor was working with the agency to convert its Case Management System to a newer technology.
Although the stolen computer was the property of the contractor, it did contain state information on current and past parolees supervised by the agency since 1998.
[Evan] I assume that some of these current and past parolees are trying to live within the law now, and I would think that they have enough going against them as it is.
Information regarding current and past parolees that was lost in the burglary includes names, dates of birth and social security numbers.
Persons who have solely been supervised as probationers were not a part of this database.
The information was secured by multiple levels of passwords, and there is no evidence that it has been accessed or compromised.
[Evan] Multiple levels of passwords? It's harder to manage (create, store, remember, etc.) multiple passwords than it would be to just encrypt the hard drive, don't you think? Do you think there is a chance that the passwords were written down nearby?
Local authorities and the Georgia Bureau of Investigation are actively investigating the burglary.
As a precaution, current and former parolees should check banking and credit accounts for any indication that someone else is using their personal information, and remember to monitor the use of their personal information by regularly requesting a credit report.
Anyone who believes that they have experienced identity theft or unauthorized use of their personal information should inform their local law enforcement officials.
[Evan] Yeah, call local law enforcement. Don't bother the board!
Commentary:
It seems as though hard drive and/or data encryption is still sorely lacking globally. I wouldn't be surprised if we start to see more laws and regulations that will require data-at-rest and data-in-transit encryption. Unfortunately there are too many organizations that don't do the right thing, so they have to be told and sometime forced to.
Past Breaches:
State of Georgia:
March, 2008 -
Comments