BreachExchange mailing list archives
lost disk recovered after years in Muskogee OK
From: Henry Brown <hbrown () knology net>
Date: Mon, 02 Mar 2009 06:10:31 -0600
Probably fairly low risk of data being misused but almost "CLASSICAL" in the response to the event... http://www.muskogeephoenix.com/local/local_story_060014536.html Officials at the city of Muskogee recently discovered that a computer “zip” disk containing personal information has been in public circulation since 2000. The citizen who found the disk noticed the official city label and returned it. Late Friday afternoon, the city issued a press release saying they had discovered a “possible breach of utility billing information” on about 4,500 utility accounts that were closed prior to August 2000. The city is in the process of putting together a list of contact information for the former account holders so they can be notified. Many of the addresses on the disk are more than seven years old and the people have moved without forwarding addresses. Although the disk contained Social Security numbers for some of the account holders, the press release said officials don’t believe the information has been used to harm anyone. “We do not believe the data was used for inappropriate or illegal purposes,” it said. “The City assures all of our utility customers that all confidential information is destroyed when it is no longer needed and this is an isolated unfortunate incident.” City Clerk Pam Bush said Saturday that she thought she knew how the disk was lost. Although the city has always had a policy that any media containing information is destroyed when no longer needed, she thinks a forgetful employee scooped up the disk while putting together surplus items no longer used by the city. “The disk obviously made it into some surplus property; into a computer box with other things by accident,” she said. “It happened sometime between 2000 and 2007. Some of the former accounts on the disk had telephone numbers and some had Social Security numbers, but most did not have forwarding addresses. We’ve had three information technology directors since 2000, and the current director does not surplus disks. The previous two did not either, but the disk somehow made it into a box that was sent to an auction.” Bush said any removable media containing information no longer needed is destroyed. “If we surplus a computer, we pull the hard drives out,” she said. Information Technology Director Chris Cummings described what happens next. “We destroy the hard drives with a hammer or drills,” he said. “Typically, we don’t have information on compact disks, but if we do, those and other types of diskettes are shredded.” _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- lost disk recovered after years in Muskogee OK Henry Brown (Mar 02)