[ISN] State hires computer security expert

From: InfoSec News (alerts@private)
Date: Sun Jun 17 2007 - 23:06:12 PDT


http://www.ohio.com/mld/beaconjournal/news/state/17383005.htm

By Matt Reed
Associated Press
June 17, 2007

COLUMBUS, Ohio - The state has hired a computer security expert who 
specializes in civil and criminal cases to determine the likelihood of 
someone getting access to the data on a stolen backup storage device, 
Gov. Ted Strickland said Sunday.

Matthew Curtin, 34, will begin Monday reviewing what's already known to 
be on the device, whose theft was revealed on Friday.

Also on Sunday, Strickland said the device contained the names and case 
numbers of the state's 84,000 welfare recipients, who face "a remote 
threat of identity theft," and the names and federal tax identification 
numbers of vendors that receive payroll deduction payments from the 
state - about 1,200 records. Sixteen of those records contain banking 
information, he said.

Strickland said the Ohio Department of Commerce on Monday would send 
letters to banks, credit unions and other financial institutions 
alerting them that customers' information may have been compromised.

Previously, it was revealed the device contained the names and Social 
Security numbers of all 64,000 state employees. It also contained bank 
account information about the state's school districts and Medicaid 
providers and information about 53,797 people enrolled in the state's 
pharmacy benefits management program and the names and Social Security 
numbers of about 75,532 dependents.

Strickland again said that he has no reason to believe the information 
has been compromised because getting it requires special equipment and 
expertise. He also has issued an executive order to change the 
procedures for handling state data. Strickland and Curtin said the 
analysis of what's on the device should be finished on Monday.

"The analysis of the data is nearly complete, but we have several 
additional files that are so complex that it will take some time," 
Strickland said at a Statehouse news conference on Sunday - his third in 
three days.

Curtin founded Interhack Corp. in Columbus 10 years ago. "We make the 
bad guys give up," the company says on its Web site. Curtin said he 
would have a better idea on how someone could get access to information 
on the device on Monday.

"We've just, just gotten started," Curtin said Sunday. "By tomorrow, 
I'll have some insight and have my hands around it."

The State Highway Patrol also announced Sunday that a post office box 
had been established in Columbus in hopes that the storage device would 
be returned anonymously.

The device - listed in a police report from suburban Hilliard as being 
worth $15 - was reported stolen along with a $200 radar detector, out of 
the car of 22-year-old Jared Ilovar, a college senior making $10.50 an 
hour in his state job. Ilovar is an intern with the Office of Management 
and Budget assigned to work on the state's $158 million payroll and 
accounting system. Telephone and e-mail messages seeking comment were 
left for Ilovar.

Strickland said Ilovar mistakenly left the device in a vehicle parked 
outside an apartment when it was supposed to be taken into his home as 
part of a protocol in place since 2002.

Sol Bermann, chief privacy officer at the state Office of Information 
Technology, called Curtin one of the country's foremost data security 
experts.

"It's a third-party validation of our work. It's important that someone 
double-checks for us so that nothing is missed."

The state is expected to pay $50,000 to Curtin, who said he doesn't know 
how long his investigation will take.

-=-

Associated Press Writer John McCarthy contributed to this report

ON THE NET 
http://web.interhack.com




