Ohio Plans To Encrypt After Data Breach 237
Lucas123 writes "After a backup tape containing sensitive information on 130,000 Ohio residents, current and former employees, and businesses was stolen from the car of a government intern in June, the state government just announced it has purchased 60,000 licenses of encryption software — McAfee's SafeBoot — for state offices to use to protect data. It's estimated that the missing backup tape will cost Ohio $3 million. In September, the state docked a government official about a week of future vacation time for not ensuring that the data would be protected."
60,000 licenses? (Score:4, Interesting)
$3 million? (Score:1, Interesting)
anyone care to explain approximately from where $3 million figure came?
A week's vacation? (Score:5, Interesting)
I work as a DBA in a nonprofit healthcare organization. If our backup guys lost a tape, and I hadn't bothered to check off the box in our database backup software that says "Encrypt: 256-bit AES", I would lose my job.
This guy got dinged a whopping 1 week of vacation time. That's not even '1 week suspended without pay'. It's the equivalent of having to stay in detention after school.
I need to move over to the public sector or something.
WTF (Score:3, Interesting)
Intern, backup tape, car
encryption is probably low on the list of security concerns here... just WOW
I absolutely know that I don't want to hear the story of how those four words got used in the same sentence until happy hour is nearly over.
Those 4 words should never be needed in the same sentence. Process is just as important as encryption. That should have been 'backup tape', security company, armored transport, iron mountain in the sentence... oh wait, then there would be no story.
They led the horse to water... (Score:5, Interesting)
Re:OpenBSD is the answer. (Score:3, Interesting)
Re:Wonder if McAfee payed them (Score:4, Interesting)
No actual loss has ever been reported as a result of this breach. The tape that was stolen was in a relatively obscure tape format. (I don't believe it's ever been reported, but I work with similar systems, and I would guess it's probably 5 1/4 inch format, likely not even in ASCII. Most of the data backups we get are EBCDIC.) It was unencrypted, but in order for someone to get anything off this, they would need the correct hardware, the correct software and they'd really need to know that they were looking for something. Add to that it wasn't reported until weeks after the loss, by which time the thug who broke into the car had log since ditched the useless cassette tape that he stole.
Meanwhile, Ohio taxpayers are spending millions of dollars doing credit checks on every person whose information was potentially on that tape.
I'm not advocating that we forgo due diligence. I take great care in making sure that all backups from my company are encrypted. I hound everyone in the office to make sure their passwords are secure. However, the fact that we're still speding money on this makes me irate. If there was any indication whatsoever that this data was compromised, I'd be OK, but there's a 99% chance that this tape is in a landfill in southern Columbus right now.
Re:60,000 licenses? (Score:1, Interesting)
I love TrueCrypt. I really do. But it is *NOT* a full disk encryption product. It relies on the USER to do the work. If I could rely on the USER to actually keep their data encrypted, we wouldn't be in this mess.