Intern Loses 800,000 Social Security Numbers
destinyland writes "A 22-year-old intern said today he's the 'scapegoat' for the loss of over 800,000 social security numbers - or roughly 7.3% of the people in the entire state of Ohio. From the article: 'The extent of my instructions on what to do after I removed the tapes from the tape drive and took the tapes out of the building was, bring these back tomorrow.' Three months into his $10.50-an-hour internship, he left the tapes in his car overnight — unencrypted — and they were stolen. Interestingly, the intern reports to a $125-an-hour consultant — and was advised not to tell the police that sensitive information had been stolen, which initially resulted in his becoming the prime suspect for the theft. Ohio's Inspector General faults the lack of data encryption — and too many layers of consultants. But their investigation (pdf) revealed that Ohio's Office of Management and Budget had been using the exact same procedure for over eight years."
"Three months into his $10.50-an-hour internship, he left the tapes in his car overnight -- unencrypted -- and they were stolen, and his 1990 Yugo mysteriously replaced with a new Ferrari."
After all these years, they've finally found a security hole in the Sneakernet.
Slashdot Burying Stories About Slashdot Media Owned
Intern Loses 800,000 Social Security Numbers, 1 Internship
Fixed it for you.
If you pay taxes you work for the government =)
First, someone decided to blame the Scaled Composites explosion on Bush and now this? I don't like Bush, either, but there are (still) limits to his power, you know.
Ben Hocking
Need a professional organizer?
I stubbed my toe this morning on my coffee table. Explain to me how that is NOT Bush's fault. You got no answer for that one, huh?
800,000 SSN numbers
9 digits in an SSN number
1 comma delimiter per number
-----------
8,000,000 digits
This is still under Gmail's 10mb per email rule. He could have just emailed himself the list as backup.
(yes, I know there's more data than the number. That's why you get 2.8gb+ of space!)
Typing common names and random numbers into that site got me a hit on only the second try! I have (or rather, Mr Smith has) been assigned an activation PIN and given a toll-free phone number to dial (although I doubt it would be free from the part of the world I'm living in).
What's the betting I can bluff through the rest of the security checks and get some free money?
No, I think that he very definitely was there the day that lesson was taught. It was the morning after he took a set of backup tapes home.
I'm obviously in the wrong career path; I could be losing SSNs for $125 an hour! Maybe next year I can move on to some $200 an hour medical record losing gig.
... let's throw a little conspiracy angle in. OK! Wayne Madsen has a conspiracy theory that all of the data thefts are a black op to populate the Total Information Awareness database, which is itself now a black op. He maintains a chart of data thefts that shows millions of records from both public and private sources, but the chart is now on the subscription portion of the site.
Computers are useless. They can only give you answers.
-- Pablo Picasso
Slashdot headline, July 27, 2008: "800,000 identities stolen in Ohio"
Errrm... He was studying "computers" at DeVry. That is NOT "Computer Science". Let me illustrate the difference:
:)
Computer Science:
"So, as you can see, the Halting Problem cannot be solved using Turing Machines; Alan Turing proved this in a paper in..."
DeVry:
"Ok, class, now push the glowy button and let it boot up... Oooh! Shiny! Isn't that SHINY?"
NOT THE SAME.
Ben Hocking
Need a professional organizer?
"...these are policies that were implemented during the Taft Administration"
Wow, Ohio's backup plan is a hundred years old? Sorry, I couldn't resist.
Just let me pull out my dictionary and look up "money laundering".
Ben Hocking
Need a professional organizer?
Wizard.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
I'd be more likely to hire a DeVry graduate over a comp sci graduate to be an intern on our servers, simply because I know the DeVry student actually touched a server while he was at school.
Made you look.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Tonight at 11: Smith family mysteriously receives 4,627 pieces of mail in one day. Sources cite the 'hardcopy Slashdot effect'.
Ben Hocking
Need a professional organizer?
Frankie say: Relax.
Screw encryption. I just back up everything on cassette tapes. Just the way my TRS-80 likes it! Go Tandy!
My only encryption is labeling the tapes Wham! and Frankie Goes to Hollywood.
riding round the world on an old motorcycle
Ahh, the voice of inexperience. Guess what? The boss knew it was a bad idea when he passed it down. Why would he do such a thing? You have a project that needs to be done securely and quickly. You will be rewarded for quickness but not security. You will be most definitely punished for slowness, but chances are slim that anyone would find out about a lack of security. Solution? Pass the job downstream and tell the peon to hurry it up, but be sure you mention security in an offhand manner at some point.
This is how all governments and most large corps work. Your "well, I'd do it differently" approach is endearing in its innocence and naivete.
Literalism isn't a form of humor, it's you being irritating.