Thank you NC department of revenue…
I heard on the local news last night that the North Carolina Department of Revenue has lost a laptop that had ~30,000 state taxpayers’ information on it. Social Security numbers, etc… The report I saw said that the state has set up a hotline to “teach citizens about identity theft” and has sent letters to those affected. Thanks… lose a laptop with 30,000 and then teach US about identity theft. How about teaching employees with sensitive information about encryption? … So I looked into it a bit further this morning.
According to this article the laptop was stolen from a car in the Raleigh area in DECEMBER. North Carolina has a “victims toolkit” at this address which is geared towards giving people the tools to request a freeze on their credit, notifying the three major credit bureaus, etc. (The report was from mid-January).
Also, people are encouraged to act quickly if they are notified that their information has been compromised.
It’s amazing to me that such large volumes of sensitive data are carried around and presumably NOT kept in an encrypted loop-back or some other protected store. Let’s face it, there ARE many tools for making a file relatively unreadable without a good passphrase. There is no indication in the reporting that I’ve seen that any steps were taken to encrypt the data for just such a possibility.
This gets me back to something I’ve said many times to folks who say they won’t make a purchase online because they’re concerned about identity theft. These days, we are at the mercy of EVERY company that we do business with (including the state/federal and local governments). There is risk EVERY time you give someone your Social Security number or let the credit card swipe, because more often than not it goes into a database somewhere. If the companies that are keeping the data have lax security or make poor choices, then you’re out of luck.
From the Charlotte Observer’s report…
The employee’s car was locked, and she had followed department policies about securing the computer, Brooks told the Observer. The computer contained security features, but Brooks said officials are examining additional software safeguards.
So… I will assume they at least had a login password as part of their policy… I’m afraid that may have been all.