http://www.ohio.com/mld/beaconjournal/news/state/17395223.htm By STEPHEN MAJORS Associated Press June 20, 2007 COLUMBUS, Ohio - A missing computer backup tape containing personal information on 64,000 state employees and family members also holds the names and Social Security numbers of 225,000 taxpayers, Gov. Ted Strickland said Wednesday. The tape, stolen last week from a state intern's car, contained information on taxpayers who have not cashed state income tax refund checks issued in 2005, 2006 and through May 29, 2007, Strickland said in what has become a nearly daily release of newfound information contained on the tape since the first disclosure Friday. The list includes checks that were cashed after May 29. In addition, the tape includes the names and Social Security numbers of 602 lottery winners who have yet to cash their winning tickets and 2,488 Ohioans who have yet to cash checks for unclaimed funds payments, Strickland said. It also holds the names and bank account numbers for approximately 650 to 1,000 electronic funds transfers that weren't completed because they were bounced back by banking institutions. Among other information on the device is bank account information for school districts and details on people enrolled in the state's pharmacy benefits program. Strickland said he can't be certain the tape doesn't contain other sensitive information until an expert hired to review the data determines he's finished. The administration continues to maintain that it does not believe the information has been accessed because it would require specific hardware, software and expertise. Strickland said 20,000 state employees had signed up for identity-theft protection as of Tuesday night, and there had been no indications that someone had attempted to use their personal information. The state is paying more than $700,000 to provide all state employees with identity-theft protection services and to hire an independent computer expert to review what data the tape contained. Officials said they would extend identity-theft protection services to the new categories of people announced Wednesday. The tape was stolen June 10 out of the unlocked car of a 22-year-old intern who had been designated to take the backup device home as part of a standard security procedure. When the governor announced the theft Friday, he also issued an executive order ending the practice of employees taking backup devices home for safekeeping and mandating a review of how state data is handled, including establishing an encryption protocol. Data security experts said the unencrypted tape, described by Hilliard police as roughly 4 inches square and an inch thick, could be breached by someone with computer expertise, time and financial resources. Ohio taxpayers can search an online database to determine whether their names are included in the stolen files. If so, they will receive a pin number they can use to sign up for identity-theft protection. Officials do not believe they will need to seek additional funds to fund the additional categories because generally about 20 percent of those eligible sign up for such services. The funding released Monday by the Controlling Board assumed all employees would use the protection. The state entered into a "pay as you go" contract with Debix, the service provider, and will use more funds if necessary, officials said. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 21 2007 - 00:25:21 PDT