digg

Facebook Connect Join Digg About

A 22-year-old intern takes home a list of 64,000 social security numbers

apnews.myway.com A 22-year-old intern was given the responsibility of safeguarding the personal information of thousands of state employees, a security procedure that ended up backfiring. I mean, really, what could go wrong?

Who dugg this? Made popular Jun 19, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

39 Comments

show profanity settings
expand all
  • psg188, on 10/11/2007, -1/+15Nothing, 22 year old interns are epitomes of responsibility.
  • psg188, on 10/11/2007, -0/+10Yeah, that *****.
  • zupzupper, on 10/11/2007, -0/+7"What officials don't know is whether the thief is an unsuspecting common car burglar or a computer-literate opportunist with the capability of unlocking the code encrypting thousands of Social Security numbers."

    "I think it's not that big of a deal," she said. "The person who stole it would really have to know what he's doing."

    Given the level of security your organization has displayed thus far lets hope that ultra-secret encyption mechanism is something more than a password protected zip file....
  • dopesick, on 10/11/2007, -0/+6The major flaw in security was the "device" left the building. Valued at $15, must have been a thumb drive. Which then would leave you to believe the ONLY security of the files is encrytption, and which made by man can be cracked by man.

    Way to go IT team.
  • crazzy88ss, on 10/11/2007, -0/+5Now he knows what's on the discs, if the guy didn't know what was on them before.
  • Egoist, on 10/11/2007, -0/+5In case the office burns down or is robbed during the night. It's called off-site backup, and is a standard security procedure. The problem here is that these people only did a half-assed implementation where they just give the backups to an intern. They should contract with a company that specializes in off-site backups.
  • st3vo, on 10/11/2007, -1/+6I make up my social security numbers.
  • deviation420, on 10/11/2007, -1/+5What did the intern do wrong, exactly? Have his car broken into?
  • Demonmonger, on 10/11/2007, -1/+5The government should understand that your SSN is not safe. Its the primary identifier of almost all benefit providers, credit companies, and other data trading partners. Every day hundreds of thousands of identities are transferred between trading partners in nothing more than poorly encrypted zip files or plain text files.

    There needs to be criminal action done against these people who don't take safeguards to protect your privacy.
  • Solkre, on 10/11/2007, -2/+6Oh, I think I'd let a female intern handle my most valued asset.
  • briarmoss, on 10/11/2007, -0/+3what he did wrong was not keep the ***** flash drive containing lots of sensitive information on his person at all times. It's really not very big, or conspicuous. I keep one in my wallet at all times.
  • drakethegreat, on 10/11/2007, -0/+3What I never understand about situations this is why anyone needs to be taking home a db backup with thousands of SSNs, addresses, etc. Why do they need this at home? The backup can sit safely on the shelf? Is he doing work on an offline copy at home? Why not allow him to VPN in and use the copy at the business... The only reason I can think of is convenience for editing but then thats a big enough bitch to migrate back into the live db when you are making only a couple changes. So why do these people have copies sitting on removal storage to take home?
  • LogicBomB, on 10/11/2007, -0/+3My fiance helps facilitate security clearances in Canada. She has one of the highest security levels you can receive (Nato Secret) and is 23.

    Fact is, as long as your story pans out and you have some good references to say you are an upstanding citizen, there is a good chance you'll get the job. Some clearances require hour-long interviews with a pannel of interrogators who do nothing but drill you and monitor you responses. They'll look into you, your family, your friends, previous jobs, the works. But if it all pans out, why wouldn't you trust someone?

    Someone HAS to get the job and it doesn't make sense to only hire 50-somethings.
  • abcdefghij, on 10/11/2007, -1/+4a 22-yo safeguarding vital information? It's not a bug in the system.. it's a feature!

    think. WWJBD? Jack Bauer would've done the same.

  • xerus, on 10/11/2007, -1/+4Damn, thats quite the internship. Gone are the days of fetching coffee and ordering lunch...
  • cactus476, on 10/11/2007, -0/+2Why is it that managers always make IT policy changes only AFTER something bad has happened.
  • strafefire, on 10/11/2007, -1/+3Actually, when I was in the military (00-06) at age 22 I was in charge of 300 people and millions of pieces of classified data. Not a damn thing happened to any of it.

    Age has NOTHING to do with this issue. The guy was probably what we in the military would affectionately label a *tool*, a complete and total idiot!
  • Error601, on 10/11/2007, -0/+222 year old is irrelevant. They've got 19 year old guarding the nuclear weapons on military bases. It's a huge management screwup to let people take backup media home in order to fullfill an offsite requirement. You've got to pony up the bucks and get a real offsite service that use locking cases, armored cars, and all that. No media leaves the computer room unless it's in a locked case and signed out.

  • NoSalt, on 10/11/2007, -0/+1"a second backup device is given to employees on a rotating basis to take home for safekeeping"

    WTF ... does anybody else think this is the most hair-brained idea ever?!?!?

    I wouldn't want to take that home with me and be responsible for that kind of data. I mean, my God, why don't they just hire one of the off-site-storage companies out there??? It'd be a heck of a lot safer than Joe Intern's beer-soaked sock drawer.
  • milkmage, on 10/11/2007, -0/+1WHAT
    THE
    *****!?

    FTA: Under protocol in place since 2002, a first backup storage device is kept at a temporary work site for a state office along with the computer system that holds all the employee information, and a second backup device is given to employees on a rotating basis to take home for safekeeping, officials said.

    too cheap to pay for REAL offiste backups?
  • glombard, on 10/11/2007, -0/+1I'm an IT guy that happens to live in the same apartment complex as the unfortunate intern. Cops were knocking on doors showing pictures of the storage device. Its not a thumb drive. It's a DLT tape, so even someone stealing it from a car would have to have a rather expensive piece of hardware to even get the social security numbers off it. We've had 2 episodes vandalism in our complex in the past, but this is the first time in the two year I've lived here that cars were broken into. It wasn't just his car either. I've heard through the grapevine of at least 6 other cars were broken into, stealing typical stuff, CDs, change from the cup holder, etc. Most likely kids looking for something to do. I wouldn't be surprised if they had dumped it in the community pond.
  • OppCoder, on 10/11/2007, -0/+1Age has nothing to do with it, common sense does. When I was 22 I was responsible for similar data for 2 years straight. I never would have left it sitting in my car. Some of you talk about this as if when you're that young your a complete idiot when in reality, The problem was most likely just inexperience and a lack of training.
  • wesl56, on 10/11/2007, -0/+1which makes you wonder that it may have been someone knowing what they were stealing... why they heck would a bunch of kids or some other low life grab what looks like "an old cassette tape" out of a car? :S
  • OwdenBowden, on 10/11/2007, -0/+1BREAKING: a 22 year old was just pronounced the Governor of Ohio. He beat out his competition by 64,000 votes. More details to follow.
  • wesl56, on 10/11/2007, -0/+1its always a good idea to keep backups of important data off-site, in case of a fire or some other disaster... a proper method is to keep backup tapes or drives in a security deposit box at a bank, not at an employee's house :S
  • wesl56, on 10/11/2007, -0/+1hahah exactly
  • Amnesia10, on 10/11/2007, -1/+1I agree. The first thing that should have been done is to make sure that the flash drive was encrypted so if stolen then it would be useless without the security keys. Secondly are interns suitable for such a job, it should be one of a number of senior staff. As to the intern in this case he probably thought that if je left it at home he would forget it, if he left it in the car he could always get it from the car in the car park, not such a disaster. Though unfortunately for him it was burgled. Which brings me back to my first point that the drive should have been encrypted.
  • Solkre, on 10/11/2007, -1/+1I carry around my personal information on a $15 device (USB Drive) attached to my keychain.
    Anyone who found it/stole it would certainly format it before ever breaking my TrueCrypt file :)

    I also have a little text file with my e-mail address in case anyone would care to contact me to return it. That's the only un-encrypted file sans mobil TruCrypt itself.
  • codechino, on 10/11/2007, -1/+1It wasn't the manager that made the change, it was the governor. With 64,000 employees spread across the state, it is very difficult for the guy in charge to know everything that is going on, but he ended the practice as soon as he became aware of it. That said, there was management failure at a lower level when an intern was allowed to take it home.

    But that rule does generally hold true in the IT world. It does where I work, at least.
  • mojibyrd, on 10/11/2007, -1/+1It is amazing how you read more and more of your personal data is lost or stolen, but yet big brother wants to pry even further into our private lives and gather all the information they can on each and everyone of us, up to and including your DNA, biometrics, retinal scan, fingerprints, all financial records/transactions and of course your internet habits.....this is either a manipulative way for them to try and say 'see we need better protection', but for me personally it tells me to give less and less information as the only one i can seem to trust with this info, is of course myself.

    And for those of you who care to search further you can read some articles at www.waynemadsenreport.com on how the loss of personal data is a psyop to try and prove the need for more 'secure' information on all of us....or of course do a search on your favorite search engine.
  • TheOriginalNES, on 10/11/2007, -0/+0dude, i'm kinda offended by this. I'm a 22 year old intern and I happen to have access to a huge amount of random people's personal information. It's called ethics.
  • tnatharik, on 10/11/2007, -1/+1What if the thief turns out to the interns friend?
  • MarkOfTheDead, on 10/11/2007, -0/+0streisand effect FTW
  • ibanez144, on 10/11/2007, -1/+1That's nothing- at my old job (a fairly large bank), managers would routinely give printed lists of names, addresses, and social security numbers to temporary workers that had only been working there for a few days. No background checks or anything. Anyone working there could just grab a list and walk out the door with it. I hope they have improved security since then, but who knows...
  • rungun, on 10/11/2007, -0/+0And now thanks to this Digg , the guy who jacked this stuff from the guys car now knows he needs to find someone to decrypt the data and start selling some ssn#'s :D
  • jstem1994, on 10/11/2007, -1/+0At age 22 I was a supervisor in a nuclear power plant in the Navy (aircraft carrier).

    Age has nothing to do with it.
  • codechino, on 10/11/2007, -1/+0Apparently, some pretty "sophisticated" technology is required to read any data from the device, according to one of the governor's staff members I spoke with this past Saturday. Keep in mind that, barring intelligence agencies (usually), the government's idea of "sophisticated" is pretty antiquated.

    Keeping sensitive information off-site is actually a decent way of keeping it safe, provided it is done properly. Giving it to an intern and/or leaving it in your car is an example of how not to do it properly.
  • Ubl0, on 10/11/2007, -3/+1Everybody knows interns aren't reliable, especially girls.. =p
  • down4twenty, on 10/11/2007, -5/+0if the car thief could decrypt files, they would have a job working with computers therefore not need to be stealing craps out of cars

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.