BreachExchange mailing list archives
OK: OKC buyer finds sensitive information on server
From: "Michael Hill, CITRMS" <mhill () idtexperts com>
Date: Wed, 21 May 2008 15:16:36 -0400
http://www.tulsaworld.com/news/article.aspx?articleID=20080521_12_OKLAH32253 OKLAHOMA CITY -- The Oklahoma Corporation Commission is removing hard drives from all surplus computer equipment after a server containing the names and Social Security numbers of thousands of residents was sold at an auction recently. Oklahoma City resident Joe Sills discovered more than 5,000 Social Security numbers after purchasing the server and other surplus state computer equipment at an auction last month. Sills was testing the equipment recently when he found the data in a file on the server. He said he is outraged that the state didn't erase the server's memory. "People's identities are at risk," he said. The server had been used by the state Tax Commission and, most recently, the Corporation Commission. The Social Security numbers are likely tied to trucking industry data kept on the server by both agencies, Corporation Commission spokesman Matt Skinner said. Since the Corporation Commission is now removing hard drives from computer equipment it sends to state auctions, people who buy the equipment will have to provide their own hard drives, Skinner said. It will keep accidental sensitive information leaks from happening again, he said. State policy requires sensitive information to be erased from surplus equipment before it is auctioned, state Department of Central Services spokeswoman Gerry Smedley said. Erasing sensitive data is the responsibility of the agencies that owned the equipment. -------------------------------------------------------------------------------- Michael Hill Certified Identity Theft Risk Management Specialist IDT Consultants 404-216-3751 "If You Think You're Not At Risk, Think Again!" NOTICE: This email and any attachment to it is confidential and protected by law and intended for the use of the individual(s) or entity named on the email. This information and all email information from the sender is not legal advice nor legal representation and should not be construed as legal advice nor legal representation. Check with your attorney in your State for legal advice. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination or distribution of this communication is prohibited. If you have received this communication in error, please notify the sender via return email and delete it completely from your email system. If you have printed a copy of the email, please destroy it immediately.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- OK: OKC buyer finds sensitive information on server Michael Hill, CITRMS (May 21)