Laptop Containing Personal Data Of All 64,000 Ohio State Employees Stolen
A laptop containing the personal information of all 64,000 Ohio state employees and their dependents has been stolen from an employee's car. Ironically, the laptop was taken home by the employee "as part of a security procedure." Governor Ted Strickland is not taking the matter lightly. He has already issued Executive Order 013S, giving Ohio's Chief Privacy Officer 75 days to develop an impressive-sounding "privacy impact assessment protocol."
"As we are continuing an ongoing review of the data contained in the stolen device, we have determined that information pertaining to participants in the state's pharmacy benefits management program, including information such as names, social security numbers, addresses and phone numbers of the employees and the names and social security numbers of their dependents, may be contained in the device," Strickland said. Strickland's office has set up a site for Ohioans concerned about their data. The state will provide affected employees free credit monitoring for one year. — CAREY GREENBERG-BERGER
State Employees' Personal Data Stolen [WDSU.com]
State Employee Identity Protection
Comments:
I live in Ohio. This is obviously big news here. What is "Funny" about this is that our illustrious former Governor ordered the IT guy at the state to do this (take the data home) in order to protect the data.
What I can't believe is that an IT guru would have thought this was a good idea, encrypted or not. "Sure, governor sir, we'll take sensitive data home every night to ensure its protection." There have got to be much, much better ways to safeguard this data. And then to turn the responsibility over to an intern???
Heads will roll. It will just be interesting to see whose heads.
Taking data home is the worst of all security, any IT person should know better. It's like a bank manager taking home the cash in the vault in case the bank gets robbed, ridiculous. I'm not one for lawsuits but I see a huge one here. IDIOTS!! Not only should they be fired, but never be trusted with anything again. And why do companies insist on keeping all their eggs in one basket? I mean employees' and their families' data all in one place, just for something like this to happen? Again, IT should have known better.
I work commercial claims first notice of loss for an insurance company. And I am not quite sure, but I do believe I took a general liability claim for this incident. It had the same situation, employee took laptop home and it was stolen from the employee's car. In the statement I took from the caller, which was a representative of the company that handles all of the
This makes me wonder how much other critical information is stored on some cheap laptop rather than a datacenter, or at the very least, a server.
Encryption will be enough to stop the average thief, but why is a risk like this even taken? Same crap as the government keeping nuclear secrets on laptops... it makes no sense at all and the risk always outweighs the reward.
If anything, if it's encrypted, nobody is even gonna bother decrypting it....since with current technology, it can take...about 10-100 years, depending on the cypher strength......
Also, if it has the "call home" hardware, then they shouldn't have any trouble tracing it.
Generally, the black guy that stole it, is gonna sell it cheap to some shop in the region, usually an Indian or Arab convenience store, and then its drive gets wiped completely, a fresh install of an illegal copy of Windows XP, with some software like Office and PowerDVD and Symantec Corporate....and fence it for an inflated price on eBay.......hell 70% of all laptops that are on eBay are stolen...
I just got a "Dear John" letter from the local hospital. It seems that my personal information (Name, address, SS#) along with those of 9300 others, were left "exposed" to the Internet for over a month by the company that handles online payment transactions (Verus, Inc).
The letter basically said "Oops, sorry, you may be vulnerable to identity theft... better put a fraud alert letter in your credit file." I don't blame the hospital, since it was a third party vendor that caused the incident, but nobody is stepping up to the plate here to help.
In a strange twist of fate, a week earlier my insurance company talked me into adding identity-theft protection to my homeowner's policy. I might just need that.
Off to submit my fraud alert letter now.
At this stage of the game, can't we all agree to simply shoot anyone responsible for leaving this kind of information on a laptop that's stolen? I'm talking about the policy-setters, not the poor dweebs ordered to do so (well, unless they can't prove they wouldn't have done it otherwise).
It's America, so it doesn't have to be a head shot. Knee or groin would be fine.
@cde:
Exactly. Since you login with a username/password, you can just delete the username when a computer is stolen and create a new one and still conserve the same level of security. The evdo card though would be a luxury most government agencies can not afford, most have internet access at home anyways.
@ShadowFalls: Well most government agencies can get a discount on (and afford one) evdo account. Second, with RSA rotating security token devices, it makes it ever harder for the data to be accessed. They would have to steal both the laptop and the person's token.
alright. opposing argument here: almost every disaster recovery plan I have seen requires an "offsite backup" for business continuity. basically, by taking the data offsite, it is "protected" in the event of a catastrophe that renders the current database inaccessible. for many public institutions, federal law requires recovery of business operations offsite in the event of a disaster within 24 hours.
sometimes this can be accomplished thru mirrors that exist in different locations, but not all institutions have that capability at every level. creating offsite backup or redundancy for the entire osu backbone in a data farm could be quite a difficult task. more likely than not, each department is responsible for maintaining individual business continuity plans (& backup procedures), which makes the process even more complicated.
From what I read the data is at least encrypted. (for now)