The names and Social Security numbers of all 64,000 Ohio state employees were stolen last weekend from a state agency intern who left a backup data storage device in his car, Gov. Ted Strickland said.
An additional review of data revealed that the storage device also may have held information about participants in the state's pharmacy benefits management program and the names and Social Security numbers of their dependents. Strickland has asked Ohio Inspector General Tom Charles to investigate.
What officials don't know is whether the thief is an unsuspecting common car burglar or a computer-literate opportunist with the capability of unlocking the code encrypting thousands of Social Security numbers.
Either way, Strickland said the security procedure failed, and he issued an executive order to change the practices for handling state data.
Officials were still determining whether the storage device contains any other personal information.
"I don't mean to alarm people unnecessarily," Strickland said. "There's no reason to believe a breach of information has occurred."
The governor said he was not allowed to specifically describe the computer device or other details surrounding the theft, under direction from law enforcement.
The device — listed in a police report as being worth $15 — was reported stolen along with a $200 radar detector out of Jared Ilovar's car.
A message seeking comment was left for Ilovar, a college senior making $10.50 an hour as an intern with the Office of Management and Budget.
Under protocol in place since 2002, a first backup storage device is kept at a temporary work site for a state office along with the computer system that holds all the employee information, and a second backup device is given to employees on a rotating basis to take home for safekeeping, officials said.
Strickland said it was inappropriate for an intern to be designated that responsibility, and he ordered an end to the practice of employees taking the devices home. State Budget Director Pari Sabety said the device now would be stored in another location in a locked, fireproof box.
It was just the latest case of personal information on thousands of employees disappearing or being inappropriately accessed. Several universities, including Ohio State University and Ohio University, and even the Veterans Affairs Department have reported lost or stolen data.
In the Ohio case, Dawn Rice, an employee in the state Senate clerk's office, wasn't that bothered that sensitive information was being transported in cars on inexpensive equipment.
"I think it's not that big of a deal," she said. "The person who stole it would really have to know what he's doing."
Last Mod: 16 Haziran 2007, 20:12