Toolsview all

David Stanley Ford

Latest Oklahoma data loss puts 225,000 at risk
Securitylaptop held data on Oklahoma section 8 program clients

BY VALLERY BROWN    Comments Comment on this article17
Published: April 30, 2009



A laptop computer containing the personal information of about 225,000 Oklahomans was stolen from a city home last week.

Oklahoma Housing Finance Agency officials said Wednesday that the names, Social Security numbers, tax identification numbers, birth dates and addresses of clients of the Section 8 Housing Voucher Program were on an employee’s laptop that was stolen in an April 22 burglary.

Multimedia

Related content

Documents

More Info

Read the OHFA's letter to its clients

Dennis Shockley, executive director of the agency, said the information of past and present clients and landlords of the voucher program is on the laptop.

No information from the agency’s other eight programs was compromised, he said.

Updating security
Oklahoma City police Capt. Steve McCool said the burglary was reported at a home near 7600 N Post Road in Oklahoma City on April 22. The front door was kicked in, and the laptop was stolen, along with jewelry, a camera, a gun and another laptop in the home.

McCool said investigators swept the home for fingerprints but recovered none.

Another burglary was reported at a nearby home that same morning, McCool said.

Shockley said the agency is upgrading its security and encrypting its computers but had not yet made those changes. The employee worked in the field assisting clients and was allowed to take the laptop home.

A letter sent to affected clients over the weekend advised individuals how to protect their credit and said the laptop had two layers of password protection — one to log in to the computer and another to access the secure files.

"We believe that it is unlikely that the information can be retrieved from the stolen equipment,” the letter states.

However, Mark Weiser, associate dean and director of the Center for Telecommunications and Network Security at Oklahoma State University, said that passwords, even two, won’t be enough if the thief knows what kind of information is on the computer.

He likened it to a locked box inside of a locked car.

"The worry is in them realizing the value of the data is more than the computer,” Weiser said.

"If they want what’s inside, it won’t be very hard to get to it.”

Weiser said there are many ways to break passwords or get around them. He added that encrypting computers can help keep sensitive materials safe.

Two other cases of information being compromised have occurred in Oklahoma in the past two months.

The Department of Human Services announced last week that the Social Security numbers, names and dates of birth for as many as a million people served by the agency were compromised when an employee’s laptop was stolen April 3. That laptop has not been recovered and the information on it was not encrypted.

In March, data contained on a flash drive of an Oklahoma Employment Security Commission employee was lost.

It contained names and Social Security numbers of about 5,000 Oklahomans. It also was not encrypted.

The Oklahoman’s Watchdog Team: Looking out for you. Visit NewsOK.com/watchdog.

Toolsview all

David Stanley Ford


Related Topics: Science and Technology, Technology, Computer Technology, Computer Security


Need Affordable Health Care?
Get Affordable Health Insurance Quotes Online - Plans from $30 / Month
USInsuranceOnline.com
Obama Wants You to Return to School
Get Your Degree Now. Financial Aid & Scholarships are available.
www.classesusa.com

Leave a Comment

Something to say about this topic? Submit a Letter to the Editor online

Thank you for joining our conversations on newsok. We encourage your discussions but ask that you stay within the bounds of our terms and conditions. Please help us by reporting comments that violate these guidelines. To review our rules of engagement, go to Commenting and posting policy.


Log in below or sign up (it's free).





HSPD-12.. for crying out LOUD these people are IDIOTS. But then again so are most of the other agencies and departments. Quite frankly a class-action lawsuit would not be out of the order. I doubt they will change anything unless it becomes seriously painful. Here is a free clue. Get WinCrypt. It's free, it works so well the NSA uses it, and if your computer gets stolen there is no way the crook can get anything off of it. That's what I use on my home computer to protect banking and other personal data.
Doug, Midwest City - Apr 30, 2009 at 5:00 pm
Report as inappropriate or
Ignore Doug
Burt: great thoughts about tracking and location software. Does anybody think the state should stop ignoring the fact that an industry leading laptop tracking and recovery firm is located in Stillwater, Oklahoma? MyLaptopGPS, my company, is and has been right here. www.MyLaptopGPS.com. Ask your state rep or state senator.

Eric: you are right that the thief is very, very likely out for a quick buck and has no knowledge. You are wrong that it takes a master's degree in computer science to get the data. My 5-year-old could practically do it, from what we're being told. It's trivial. But your point is that the THIEF is unlikely. I agree.

I ask, which is more lucrative to a hit man (laptop thief who actually makes the grab):

a) $500 for the hardware. eBay or brother's friend's girlfriend's sister who wants to buy it. Easy, done.

or

b) $25,000 from "the mob" -- those who do have the so-called "master's degree in computer science" who would gladly take this laptop off the thief's hands and pay him in gold for it?


Are we ready to just cross our fingers and hope that an ignorant thief is also not interested in the laptop's weight in gold from an upstream buyer who has an affinity for thousands and millions of stolen SSNs?


Dan Yost
Chief Technology Officer
MyLaptopGPS.com
Stillwater, OK
Dan, Stillwater - Apr 30, 2009 at 12:13 pm
Report as inappropriate or
Ignore Dan
They should install tracking and location software and hardware on all state owned computers that are used at private homes. Banks and other companies do this so that when they are stolen, the first time someone tries to use them with any kind of internet connection, the location is fixed and the police is notified. Its a small investment that has big dividends. Every time one of these stolen computers are tracked and recovered, they usually wind up breaking up a large crime ring. Very often they will raid a home and find a large amount of stolen items. Even if it is sold at a flea market, the person who bought it can usually give enough information to track it back to the seller. Come one state computer people, lets get tracking devices into these laptops and home use state owned computers.
burt, edmond - Apr 30, 2009 at 11:28 am
Report as inappropriate or
Ignore burt
No government agency is perfect, especially one as large as DHS. I can see the value in having portable computers as I'm sure it helps them be more efficient at what they do. Unfortunately, one of the benefits of having a laptop is also a downfall. . .it's portable for criminals as well as the owner or authorized user! Further, I have dealt with many criminals in my career. More than likely, the criminals who stole the laptops are not interested in the data on the machine and are not technically competent enough to retrieve it even if they did want it. They're more interested in selling it off to pay for their next score but all you hear from the "Spin Doctor" media is how it is still possible to retrieve the data. Sure it's possible if you have a master's degree in computer science and the right software package. How many burglars do you know of with that kind of technical knowledge? Let me help you. . .there's not many, if any. Also, there are networks and databases hacked in the world everyday that contain peoples' personal information but no one ever hears a word about that until they check their credit and find a bunch of stuff on there that they didn't do. Why don't they scream and holler and stomp their feet about that? This is just another case of the media spin doctors on a witch hunt and blowing a story out of proportion. This is why I don't trust the media. They're not fair and balanced. I'm glad I cancelled my Oklahoman subscription.
Eric, Norman - Apr 30, 2009 at 9:44 am
Report as inappropriate or
Ignore Eric
Nice job, fake paul, EXCEPT: You don't need to make up false "bad rankings" for this dirtpatch, the state has got most of the REAL ones anyway....
paul, yukon - Apr 30, 2009 at 9:37 am
Report as inappropriate or
Ignore paul
Here's a few stats for you uneducated Okies: 50 State ranking........ Oklahoma DHS ranks #50 for child abuse ........ Oklahoma DHS ranks #50 for inter-agency personell abuse ........... Oklahoma DHS ranks #50 in protecting computer records......... Oklahoma DHS ranks #50 in agency parking lot protection.
paul, yukon - Apr 30, 2009 at 9:05 am
Report as inappropriate or
Ignore paul
Why are employees allowed to take this information home? It's simple, because they need it to do their job. They work out in the field, face-to-face with the individuals needing assistance. Generlly, they don't work from an office. It seems that ideally, they would have a broadband connection and be able to log on to a secure server that contains the data. If the laptop is stolen, so what, the data is on the server, not the laptop. The problem with this setup is that all of this takes money to set up, secure, and maintain. Money that most state agencies don't have. So pick your poison, continue status quo and know the risks involved of having this data easily stolen or have the legislature pony up some money and give agencies the information systems they need to adequately secure this data.
Kevin, Choctaw - Apr 30, 2009 at 8:48 am
Rufus, you need to look around you. Apparently you've missed the dozen or more articles the past year about the pathetic work of DHS, and the couple dozen articles addressing the poor work of okies legislature. You've missed the articles about how the state is broke, yet is thinking about cutting taxes, and also about how more money is needed to even bring the states infrastructure up to what might be considered "modern" standards. Face it Rufus, you live in a shell and would rather poke slams at one single individual rather than address the problems facing here.....you want some links about how bad the condition of this state is in? Be happy to provide you with them...
paul, yukon - Apr 30, 2009 at 8:19 am
Report as inappropriate or
Ignore paul
What's the matter Paul? DHS stop your welfare check again?
Rufus, spencer - Apr 30, 2009 at 8:14 am
The article about the DHS worker was a cheap shot. DHS has over 9000 employees. Not all employees are angels. This very same thing could and does happen to employees of any organization and never makes the news. However, when a DHS employee does something wrong, whether it is job related or not, it is a big story. The DOK is pandering to the government hating mob and this story is just an example of cheap shot yellow rag journalism.
insider9909, Durant - Apr 30, 2009 at 7:37 am
"Doesn't it seem kind of strange that all three of these problems are "state" related."--Not at all, it's about what I've come to expect from here. I mean, look at the people that are making the decisions (the legislature) and setting the guidelines for this state. Every area of the state infrastructure is either on the verge of collapsed or has already. The DHS worker recently arrested for assault on her son is another example. Look at her ! She's what the state relies on? Notice comments weren't allowed on that article?
paul, yukon - Apr 30, 2009 at 6:20 am
Report as inappropriate or
Ignore paul
Doesn't it seem kind of strange that all three of these problems are "state" related. Hmm, makes you think don't it.
C, c-town - Apr 30, 2009 at 6:11 am
Report as inappropriate or
Ignore C
I totally agree with Kirby. Why are these employees allowed to take this information home at all. I see a big lawsuit if this doesn't stop now. Employees are not above being robbed.
The way things are these days a lot of security is a big necessity. Employers should be fined by the government big time for allowing this to happen. I thank God I am not in a position where I have to be on any kind of government assistance. Sucks to be them.
C, c-town - Apr 30, 2009 at 6:09 am
Report as inappropriate or
Ignore C
Well if the meth head that has the laptop didn't know the value of what he stole, he ought to by now with all this publicity.
Ed, Oklahoma City - Apr 30, 2009 at 6:04 am
Report as inappropriate or
Ignore Ed
3 strikes, you're out... Get all the governmental agencies to STOP allowing employees to take home data! Leave it locked up at the office! Let the employees have 24 hr access to the office, which usually has video security devices, and sometimes even "badges" that allow them access to certain areas (meaning somehow, somewhere there is a record of them being there) so that if they stole anything, they would be caught! Besides, why are they working from home anyhow? Isn't that illegal, to make people work off the clock?
Janettee, Oklahoma City - Apr 30, 2009 at 5:37 am
No kidding, first, I'm wondering why these computers and devices aren't properly secured... Second I'm wondering why these people are allowed to take them home, and to the grocery store or where ever else they want. Obviously this has happened enough recently to start doing something about it now. Instead of waiting till someone's car or house is broken into. To have that many people's information on a flash drive is just plain stupid.
Jess, Warr Acres - Apr 30, 2009 at 2:22 am
Report as inappropriate or
Ignore Jess
Don't let information of that sort out of the building!
Kirby, Oklahoma City - Apr 30, 2009 at 12:34 am

    News Photo Galleriesview all