December 11, 2007 - After being forced to announce in September that a computer tape containing information on approximately 85,000 current and former state employees and another 47,000 tax payers had been stolen from a car, the State of Ohio decided that it needed to do something. The state may actually be the first large government organization anywhere in the country to announce that it will be using state of the art encryption software from a commercial provider.
The Ohio breach occurred when a back-up computer tape was stolen out of a car that belonged to an employee of the state. That employee, an intern, was specifically tasked with transporting the tape and other data used by the state's computer system. It was completely unencrypted. This means that the data would be easily accessible to the people who stole it. The tape contained names, Social Security numbers and other identifying information on 64,467 state employees, 19,388 former employees and another 47,245 tax payers. Its loss is expected to cost the state around $3 million in direct costs. Not wanting to repeat this breach Ohio has signed a contract with McAfee, a computer software company that provides a variety of network security software to consumers and businesses. The state has agreed to purchase 60,000 software licenses for McAfee's Safe Boot program. The program encrypts stored data, making it virtually impossible for anyone to gain access to it without authorization. This is true even if an entire computer system was to be stolen. The state will start using the new software early next year. ACCESS applauds Ohio's decision. Not only will the state be protecting its citizens and tax payers. The decision to use a commercial vendor that already specializes in data security software rather than develop its own software internally is likely to save state tax payers millions of dollars and speed up the implementation process. Ohio's model should be seriously considered by other government agencies around the country. Anyone who is notified that their information was included in this breach should place a fraud alert on their credit file. Those who don't need access to instant credit should consider placing a freeze on their credit file. Credit or Security Freezes are now available in all states. by Jim Malmberg Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|