In yet another case of stolen confidential data, the Social Security numbers and other personal details for all 64,467 employees in the Ohio state government have been stolen, Governor Ted Strickland announced Friday.
Strickland said the data was on a storage device taken from a state intern's car, and that it requires special equipment to be accessed. "There's no reason to believe a breach of information has occurred," he told reporters.
The intern, working for the Office of Budget and Management and part of an interdepartmental computer project, left the device in a parked vehicle on Sunday and notified his supervisor the next day, after the car was broken into.
Free ID Protection
The governor said that the intern is being investigated by the Ohio Highway Patrol, and that more specifics about the storage device would not be released. State officials have said, however, that the device was not a laptop. Ohio officials determined that the device contained personal employee information after they spent two days reviewing more than 330,000 files in over 24,000 folders.
The governor announced that although there has not been any related identity theft reported, the state is offering free identity-theft protection services to affected employees, at a cost to Ohio taxpayers of more than $600,000.
As a result of the data theft, Strickland is changing state procedures for how such personal data is managed, including implementing new rules to establish what kind of data should be encrypted, and how.
Since 2002, Ohio's procedures have allowed for backup storage at a work-site computer, such as the interagency project computer that the intern was working on, and another backup to be taken home by employees on a rotating basis for safekeeping.
Strickland's change in procedure calls for an end to the practice of employees taking the storage device home, and for the second backup to be locked in a fireproof box at another location. Strickland said it was inappropriate for the data to have been given to an intern.
Other Security Breaches
Thefts of large amounts of confidential data from governmental agencies, nonprofit groups, and corporations are becoming commonplace. Cases have included the Veterans Affairs Department, major universities, and even credit-card companies.
In another recent example, pharmaceutical giant Pfizer informed 17,000 of its current and former employees that their names and Social Security numbers were exposed by a security leak. Earlier this month, the company's privacy officer, Lisa Goldman, sent a letter to employees stating that files on an employee's laptop were exposed.
Goldman's letter indicated that the laptop was running an unauthorized file-sharing application, which was disabled once Pfizer authorities learned about the situation. Much as Ohio is providing identity-theft assistance to its employees, Pfizer arranged for Experian, a credit reporting and monitoring agency, to enroll its employees for one year at no cost to them.