Theft of laptop puts thousands of identities at risk

A U.S. Department of Transportation laptop with personal information on 133,000 Florida residents has been stolen, exposing the data to identity fraud.

The computer was taken from a government-owned vehicle on July 27 in the Miami area, the agency said in a statement Wednesday. The password-protected laptop was assigned to a special agent in the Miami arm of the department's Office of Inspector General, it said.

While the laptop did not contain financial or medical information, four databases with identifiable information were stored on it. The details included names, Social Security numbers, dates of birth and addresses in databases covering holders of Florida pilot's and driver's licenses, both commercial and personal.

The databases were being used in an investigation into the use of fraudulent information to obtain commercial driver's or pilot's licenses, the Department of Transportation said.

There is no indication that the thief or thieves took the computer because of its contents. Still, steps are being taken to protect and inform Florida residents and to recover the laptop, the agency said.

The incident is the latest in a long string of data security breaches. The U.S. Department of Veterans Affairs is still recovering from the theft of a laptop and external hard disk drive that exposed the identities of 26.5 million veterans. Others that have lost such data include the Metropolitan State College in Denver, the U.S. Department of Agriculture, and Los Angeles' Department of Social Services.

[schubb]

Great...just great

All the site I have seen talk about credit card fraud and identity theft.

What about bigger dangers, they took drivers licenses, personal and CDL, and pilot's licenses? Sounds like it could be used for just about any amount of minor mischief to more terror attacks.

And the gov't keeps talking about how a national ID card will keep us safe, warm and fuzzy. Oh joy...

[mikekrause]

Having This Kind of Information On a Laptop Should be Illegal

This problem is only going to get worse unless we act to make this information more secure. Laptops are inherently insecure since they are able to be physically stolen and therefore should NEVER be used to carry such sensitive information.

Why does anyone think it's a good idea to allow someone to cart around a bunch of confidential information on so many people where it could so easily pilfered?

This is a foolhardy practice that needs to stop. I wish congress would address this issue by making it a crime to put such information on a laptop in the first place and require that the only place such sensitive information should be stored is on a firewall and password protected protected server. Regular audits of access to this information ought to be part of this legislation.

[gnubie]

This is unconscionable -- Heads should roll!

Even putting the information on a laptop is a supreme negligence and dereliction of duty. What happened to this agent as a result of this loss?

[Jeremiah256]

CLASS ACTION

I'm curious: what restrictions are there that there hasn't been some kind of class action suit against the government for neglect/mishandling of our social security numbers and other personal information? Any lawyers out there?

[maxwis]

Like, Have They Not Heard Of External Drives?

Like,ummm, can't you buy a 2.5 inch external drive enclosure at CompUSA, put a laptop drive in it, and then connect that up to another computer? Sort of makes a simple login password obsolete doesn't it?

[Macsaresafer]

That's why encryption is so important.

It's too bad that IT types stop people from using it. They stopped
Microsoft from adding encrypted folders. Macintosh users can
encrypt files and folders into disk images, but that's part of why IT
types fear the Mac. Encryption limits their authority.

[jdscardino]

Even THAT'S Not the Best Idea

It's hard to believe that any government run group/department doesn't have secure VPN connections. You keep important information on firewalled/encrypted central databanks and connect to it. Important information should never be kept: (a) On a laptop computer -- ever -- no excuses, or (b) Even on a desktop. Someone could break into your building and rip a HD right out even if they can't take the machine itself.

It's just shocking how people are so careless with important information.

[marileev]

Broken Record

The Government laptop/computer theft stories are repeating like an old skipped record. I agree with mikekrause - it's wrong to see this happen sooo many times. The government could use remote laptop security (RLS) to protect its records http://www.essentialsecurity.com/Documents/RemoteLaptopSecurity.pdf

[mveronica]

Time to act...

And not just the government. Individuals and companies both need to realize that they are just as vulnerable. There is a huge difference between the number of data breaches that are made public and the number of data breaches that have actually occured.

A chronicle of data breaches...
http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP

Perhaps the public would take some action and not be so quiet on this issue if they knew just how out of hand this problem is getting.

[wbenton]

Oops... Not fathomable?

>>>holders of Florida pilot's and driver's licenses, both commercial and personal.<<<

It might be hard for some to tie the information of pilots to terrorism, but not for those whom have the proper knowledge.

Password-protected laptops are as secure as a tangerine tree is to worms and as secure as a clear-text copy of all NSA agents posted on a web site.

That said... what the hell is ISMS all about if it's not to protect such information.

Non-conformance to such ISMS regulations might be considered as purposeful deception at best... treason at worst.

Password protection is just about the weakest method of security with the exception of no password protection at all.

ISMS regulations stipulate hard disk encryption for ALL laptop devices.

Heads need to roll on this one.

Walt