800,000 stolen social security numbers: a 22-year-old scapegoat?

July 26, 2007

800,000 stolen social security numbers - a 22-year-old scapegoatA 22-year-old intern said today he’s the “scapegoat” for the loss of over 800,000 social security numbers.

A backup tape was stolen from his car last month containing at least 770,000 social security numbers (with the corresponding names) for Ohio taxpayers. It also contained the social security numbers for another 64,000 state employees. Today the intern issued a statement with his side of the story.

Four months ago 22-year-old Jared Ilovar — who’s studying computers at DeVry University — started an internship with the state of Ohio. He said he’d sometimes take home a data tape to ensure there was an off-site version of the data. “The extent of my instructions on what to do after I removed the tapes from the tape drive and took the tapes out of the building was, ‘bring these back tomorrow.'”

So on the night of the theft, over 800,000 social security numbers were on a tape in his car, parked outside his apartment. “It is my understanding that five or more cars were broken into the same night as my car was broken into…” he announced today, “and now I am the scapegoat for the State of Ohio.”

It became the internship from hell — though from a security perspective, it was an undeniably sloppy procedure. A separate report Friday from Ohio’s Inspector General noted that the intern “remembered to bring them into his apartment approximately 85% of the time,” and that on those occassions, he’d put the data tapes “on top of his TV, so that he would remember to bring them back on the following day.” After investigating more than a month, the Inspector General reported this had been the policy for over five years, and that for the last two years, it had been executed by interns. (One intern even described the continuing tradition proudly as “the passing of the torch.”) Amazingly, the same policy had also been in effect at Ohio’s Office of Management and Budget for the last eight years.

Their report also faults the chain of command, which was muddled by contractors. The Inspector General identified Jared Ilovar as “a 22-year-old, $10.50-an-hour employee” hired just three months earlier, who received his assignment from…another intern. The intern reported to a $125-an-hour consultant, who reported to another $200-an-hour consultant…

But the intern also says that when he reported the theft of the backup tapes, he was instructed not to notify the police. “Because of my following their instruction…I was looked upon as if I was the criminal. I was put through a grueling three hour polygraph test, numerous interviews with various investigators, and countless phone calls…” The Inspector General’s reports that had a timely report been filed, the Highway Patrol could have been alerted — and nearby trash bins could’ve been searched in case the tapes had been discarded nearby.

And the internship from hell ended badly, too. In his statement today, he remembered that Friday, “I was called in to an office and handed a letter of resignation and told, ‘sign this letter of resignation or you are fired.'” He asked for more than 10 minutes, so he could talk to his parents — and was refused. He later resigned — then spoke to his parents again, and rescinded his resignation. And then was fired.

The Inspector General’s report shares a crucial recommendation from Gartner Inc and other security analysts: encrypt data before storing it off-site, and secure it like cash. (If not using armored transport, then electronically transmitting the data to off-site storage using a secure connection.) Though the State of Ohio is a $52-billion-a-year enterprise, they had instead authorized “a succession of interns” to take the unencrypted tapes home for the previous two years, with a friendly reminder to store them “in a safe place.”

Using census data from 2000, it seems the stolen data includes social security numbers for 7.3% of the people in the entire state of Ohio. And the city police force has since offered a whopping $500 reward for the return of the data.

Looking at the incident, a technology worker in another state identified the real culprits as the policy makers for the state of Ohio.

“That is an unbelievable back-up plan!

“‘Make Skippy do it!'”

Be Sociable, Share!

Recent stories

Featured stories

RSS Windows news

RSS Mac news

RSS iPad news

RSS iPhone & Touch

RSS Mobile technology news

RSS Tablet computer news

RSS Buying guides

RSS PS3/Wii/Xbox 360

RSS Green technology

RSS Photography

Featured Content


Copyright © 2014 Blorge.com NS