Who Breached: Oklahoma Department of Human Services
Number Affected: 1 Million+
Information breached: Social Security Numbers
How: laptop stolen from car
It's been a while since I've done a major highlight of any recent data breaches. They keep happening, to be sure, but the details often start to look the same. However, this one caught my eye because of its magnitude. The Oklahoma Department of Human Services (OKDHS) is notifying more than 1 million residents of the state that their data has been breached as the result of a stolen, unencrypted laptop.
According to their press release, a password-protected OKDHS laptop was stolen from an employee vehicle (a far too common theft location). The laptop contained names, Social Security Numbers, dates of birth and home addresses for clients who received Medicaid, Child Care assistance, and other program assistance. The laptop was stolen on April 3rd with a press release going out from OKDHS on April 23rd. Letters to affected clients started to go out in the same week.
OKDHS Director Howard H. Hendrick believes the "risk of the data being accessed is low because the computer uses a password protected system," which is only a very minor security measure. There's no guarantee the password was strong and, even with strong password protection, systems with no additional security precautions are at high risk of being easily accessed. It is believed that the employee was not violating any policy in place, which indicates that the current information security policy does not address taking data home or proper handling of data assets.
According to the Security Incident FAQ, OKDHS believes they have "numerous security measures" in place already to ensure client data is safeguarded, but plan to review all policies, procedures and training methods. Let's hope this sheds some light throughout the entire organization on how much more can - and should - be done to protect sensitive information.
You can help prevent data breaches such as these, or recover from them more easily, with strong computer security policies, enforcement and training, and with software such as Computrace from Absolute, which offers many layers of security protection.
Via SC Magazine