http://www.ohio.com/mld/beaconjournal/news/state/17383005.htm By Matt Reed Associated Press June 17, 2007 COLUMBUS, Ohio - The state has hired a computer security expert who specializes in civil and criminal cases to determine the likelihood of someone getting access to the data on a stolen backup storage device, Gov. Ted Strickland said Sunday. Matthew Curtin, 34, will begin Monday reviewing what's already known is on the device, whose theft was revealed on Friday. Also on Sunday, Strickland said the device contained the names and case numbers of the state's 84,000 welfare recipients, who face "a remote threat of identity theft," and the names and federal tax identification number of vendors that receive payroll deduction payments from the state - about 1,200 records. Sixteen of those records contain banking information, he said. Strickland said the Ohio Department of Commerce on Monday would send letters to banks, credit unions and other financial institutions alerting them that customers' information may have been compromised. Previously, it was revealed the device contained the names and Social Security numbers of all 64,000 state employees. It also contained bank account information about the state's school districts and Medicaid providers and information about 53,797 people enrolled in the state's pharmacy benefits management program and the names and Social Security numbers of about 75,532 dependents. Strickland again said that he has no reason to believe the information has been compromised because getting it requires special equipment and expertise. He also has issued an executive order to change the procedures for handling state data. Strickland and Curtin said the analysis of what's on the device should be finished on Monday. "The analysis of the data is nearly complete, but we have several additional files that are so complex that it will take some time," Strickland said at a Statehouse news conference on Sunday - his third in three days. Curtin founded Interhack Corp. in Columbus 10 years ago. "We make the bad guys give up," the company says on its Web site. Curtin said he would have a better idea on how someone could get access to information on the device on Monday. "We've just, just gotten started," Curtin said Sunday. "By tomorrow, I'll have some insight and have my hands around it." The State Highway Patrol also announced Sunday that a post office box had been established in Columbus in hopes that the storage device would be returned anonymously. The device - listed in a police report from suburban Hilliard as being worth $15 - was reported stolen along with a $200 radar detector, out of the car of 22-year-old Jared Ilovar, a college senior making $10.50 an hour in his state job. Ilovar is an intern with the Office of Management and Budget assigned to work on the state's $158 million payroll and accounting system. Telephone and e-mail messages seeking comment were left for Ilovar. Strickland said Ilovar mistakenly left the device in a vehicle parked outside an apartment when it was supposed to be taken into his home as part of a protocol in place since 2002. Sol Bermann, chief privacy officer at state Office of Information Technology, called Curtin one of the country's foremost data security experts. "It's a third-party validation of our work. It's important that someone double-checks for us so that nothing is missed." The state is expected to pay $50,000 to Curtin, who said he doesn't know how long his investigation will take. -=- Associated Press Writer John McCarthy contributed to this report ON THE NET http://web.interhack.com _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Sun Jun 17 2007 - 23:21:09 PDT