Connecticut state officials in the US have acknowledged that an employee laptop containing thousands of taxpayer names and social security numbers was stolen about two weeks ago, but said there was no indication that the information had been used for fraud.
Sarah Kaufman of the state revenue department said the news had been delayed to give staff time to determine what was on the laptop and who might be affected.
According to published reports, the affected taxpayers will be notified by letter. A web site has also been set up for citizens to find out whether their personal data was stored on the laptop.
Misplaced or stolen laptops have become a growing security problem. The biggest case of personal data being exposed to possible fraud due to such an incident occurred at the US Department of Veterans Services (VA) last year, when a laptop computer housing the personal data of 26.5 million veterans and about 2.2 million active duty personnel was stolen from the home of a department employee. The laptop was eventually recovered.
News source: Computer Weekly
Sarah Kaufman of the state revenue department said the news had been delayed to give staff time to determine what was on the laptop and who might be affected.
According to published reports, the affected taxpayers will be notified by letter. A web site has also been set up for citizens to find out whether their personal data was stored on the laptop.
Misplaced or stolen laptops have become a growing security problem. The biggest case of personal data being exposed to possible fraud due to such an incident occurred at the US Department of Veterans Services (VA) last year, when a laptop computer housing the personal data of 26.5 million veterans and about 2.2 million active duty personnel was stolen from the home of a department employee. The laptop was eventually recovered.
News source: Computer Weekly
Let me see.... give a laptop to an employee, let them load it up with sensitive data, poke your head in the sand and pray it doesn't get stolen, if it does then just offer some wishy-washy statement that it's not really as bad as all that.
There's no excuse for carrying data like this when it is easily accessible via VPN.
Fire the employee. Fire the IT security team.
Sue the cr@p out of the state.
Just maybe other states and companies will begin to get the point.
There's no excuse for carrying data like this when it is easily accessible via VPN.
Fire the employee. Fire the IT security team.
This is PRECISELY why VPN exists for crying out loud. So that the local machine does not host confidential information...period. It's also why the password can't be saved automatically for secure sockets/vpn, etc. As long as these issues are covered, anyone stealing the laptop can't access the data directly or remotely until long after IT has disabled and then replaced the account in question for the careless (or ripped off) owner.
I see that happening from miles away.
Pip'
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.