The state of Ohio are trying to blame a 22 year-old intern for the loss of almost 800,000 social security numbers and other personal information. A backup tape containing unencrypted data was stolen from his car last month. The intern, Jared Ilovar would sometimes take home backup tapes to ensure that there was an off-site version of the data-his instructions were simply ‘bring these back tomorrow.'
The tapes were stolen from his car in what would seem like a random crime spree with other cars in the neighbourhood also being broken in to. Of course this could have been a well-planned and targeted attack with other break-ins simply being a diversion, we shall probably never know. Jared was promptly blamed for the leak and when he refused to resign he was fired.
Ohio's Inspector General reported that this off-site backup policy had apparently been in place for five years and for at least the last two this had been carried out by interns; his report blames a muddled chain of command and said that the data should have been properly secured and encrypted. Take a look at the full story here.
It's amazing that the State of Ohio, a $52 billion enterprise would have such poor backup plans. Surely they could afford to secure their confidential data somewhere other than the car boot of a $10.50/hour intern?!?