Ohio’s state government reacts to potential identity theft

The latest in the string of data breaches involves the state government of Ohio whose officials allowed a storage device to be stolen from a car.

The story keeps getting worse as at first it was thought that only 64,000 state employees personal information was on the device, but now they are realizing that a few hundred thousand Ohioan’s information was also on the device. Depending on the source the number varies from 200k to 500k. No matter what it ends up being, it is a public relations nightmare for the state government and elected officials.

And to add more embarrassment to the situation the person who had it stolen was an intern. An intern who is usually a student or a recently graduated individual who is now working as an apprentice to learn the ropes, the rules, gain exposure, acquire experience, or possibly earn college credits.

Of all the people that work in the state government, an intern is chosen to carry the storage device as a security measure to have copies of data in the event of some disaster or catastrophic event at the office building. Apparently the officials were following procedures but did not consider security of the data after it left the building. And an event did happen, just not at the end they were expecting. The procedures the state had in place could not have been very specific since they used the lowest person on the ladder to carry out a security task.

What was the value of that information on the device if it could be handed over for safekeeping to an intern? Now the value is starting to mount as the state is already spending hundreds of thousands on services to protect individuals and that is just the start.

If whoever took that device does crack into it successfully and spreads the wealth of information all over the internet, you can be assured that institutions that will start to bear the brunt of costs associated with this will surely look to the state for restitution.

Ohio is now falling into the same path as millions of Americans who do not bother to take pro-active steps, but then spend millions on reactions once a breach occurs. They are now trying to put out a fire instead of preventing one from starting.

There has been conversation that the risk of fraud for all of these individuals is small based on past breach studies, and that may be true, but past events do not necessarily predict the future either. Even if fraud does occur to a small number of individuals, these comments will not be any consolation to those who become victims. If the person who obtained this device does manage to unearth all of the information on it, the data could be sold over the internet and across the globe within hours.

Instead of focusing on only those individuals whose data was lost, the state officials in Ohio should capitalize on this unfortunate event to make everyone in the state take stock of their personal information to determine if they can reduce their risk. There is never a better time than when an event like this occurs, and the issues are fresh in the mind of everyone.