Ohio official loses a week's vacation for theft of tape
Drive stolen from car holds data on thousands of state workers and taxpayers
Computerworld - An Ohio state official must surrender about a week of future vacation time as punishment for not ensuring the security of personal data stored on a stolen backup tape holding Social Security and other personal data. The tape was pilfered in June from the car of an intern responsible for carrying data used by the Ohio state government's computer systems.
Jerry Miller, payroll team leader for the Ohio Department of Administrative Services' Administrative Knowledge System (OAKS) ERP project, was informed of the decision by department officials on Sep. 26, said Ron Sylvester, a spokesman for DAS. Miller accepted the penalty, Sylvester said.
Sylvester described Miller as a "stellar longtime DAS employee" and said he has been forthright in acknowledging his role in the "management glitch" pertaining to the stolen backup tape.
Last month, the state announced that an investigation by computer forensics experts at Interhack Corp. in Columbus, Ohio, had determined that the missing tape contained data on all 64,467 state employees, 19,388 former employees and 47,245 Ohio taxpayers.
The data breach is expected to cost the state upwards of $3 million.
Though the administrative services unit was responsible for the data, Sylvester said the tape was handled by a number of people from other state agencies.
"Part of the problem is [the data] was outside of any one single person's hands. There were people who were not full-time tasked to OAKS who were coming in from agencies doing data migration and testing and introducing data on the drive," said Sylvester. "We believe we had some contractors who continued to introduce data on the drive.
"One lesson that the state learned is that we need to throw more resources at security and privacy when we have an issue like that," he added
A third party brought in from Ohio's Office of Collective Bargaining investigated the incident and recommended the penalty, Sylvester said.
"The next time the state takes on a project of this scope, we're going to have people on the job whose major responsibility is just data security," he added.
Related News and Discussion:
- Mass. credit union bills TJX $590k for breach-related costs
- CJ Kelly's blog: Employee fired for a data breach?
- C.J. Kelly's blog: Hacking Stupidity 101: Never hack from home
- Ken Mingis' blog: Mac users 'unbearably smug' about security?
Read more about Applications in Computerworld's Applications Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Red Hat Enterprise Linux OpenStack Platform Datasheet Seamlessly transition to the cloud. Red Hat Enterprise Linux OpenStack Platform delivers an integrated foundation to create, deploy, and scale a secure and...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Make or Break: New Auto Products Must Go To Market On Time This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- IBM Flash Webcast: Optimizing your Datacenter for Efficient Storage & ROI Register for this webcast to learn the benefits of flash storage from IBM Customer, Leonardo Irastorza of Royal Caribbean Cruise Ltd and Storage... All Data Storage White Papers | Webcasts