Lost laptop contains 1 million social security numbers
The Oklahoma Department of Human Services (OKDHS) reported that a laptop was stolen from one of its employees. The laptop was in a car and the employee lost it as well as several other items that were in the car at the time.
The theft highlights the significance of data risk that government organizations and businesses face today. Yesterday I wrote about the real costs of lost laptops as revealed in a study by the Ponemon Institute. The average cost to a business of a lost laptop, the study found, was $49,246, and company chairman and founder Larry Ponemon said that number was likely low.
The laptop contained the personal data of people receiving government assistance, specifically those enrolled in the following programs: Medicaid, Child Care assistance, Temporary Assistance to Needy Families (TANF), Aid to the Aged, Blind and Disabled and the Supplemental Nutrition Assistance Program (SNAP or Food Stamps).
The data on the laptop included names, Social Security numbers, dates of birth, and home addresses, which is enough for an identity thief.
"Because the computer was password protected, we have determined the risk of disclosure is low," said OKDHS in a statement.
A spokesperson for data protection software company Cyber Ark noted that with the company's software, the problem would have been prevented. Its solution stores data in a digital vault and logs all use of that data.
In his report, Ponemon wrote that even lesser solutions would be effective. "Anti-theft and data protection solutions are available to secure laptops and the sensitive and confidential data they contain. An understanding of how costly it is to lose a laptop can be used to make the case for purchasing enterprise-wide solutions," he wrote. Even encryption would help.
As it is, all too often a business or government entity is allowed to assume that data has not been lost if there is minimal security in place. That lowers incentives for the adoption of security beyond the password. It's wrong.