lost disk recovered after years in Muskogee OK

[Henry Brown <hbrown () knology net>]

Probably fairly low risk of data being misused but almost "CLASSICAL" in 
the response to the event...

http://www.muskogeephoenix.com/local/local_story_060014536.html

Officials at the city of Muskogee recently discovered that a computer 
“zip” disk containing personal information has been in public 
circulation since 2000.

The citizen who found the disk noticed the official city label and 
returned it.

Late Friday afternoon, the city issued a press release saying they had 
discovered a “possible breach of utility billing information” on about 
4,500 utility accounts that were closed prior to August 2000.

The city is in the process of putting together a list of contact 
information for the former account holders so they can be notified. Many 
of the addresses on the disk are more than seven years old and the 
people have moved without forwarding addresses.

Although the disk contained Social Security numbers for some of the 
account holders, the press release said officials don’t believe the 
information has been used to harm anyone.

“We do not believe the data was used for inappropriate or illegal 
purposes,” it said. “The City assures all of our utility customers that 
all confidential information is destroyed when it is no longer needed 
and this is an isolated unfortunate incident.”

City Clerk Pam Bush said Saturday that she thought she knew how the disk 
was lost.

Although the city has always had a policy that any media containing 
information is destroyed when no longer needed, she thinks a forgetful 
employee scooped up the disk while putting together surplus items no 
longer used by the city.

“The disk obviously made it into some surplus property; into a computer 
box with other things by accident,” she said. “It happened sometime 
between 2000 and 2007. Some of the former accounts on the disk had 
telephone numbers and some had Social Security numbers, but most did not 
have forwarding addresses. We’ve had three information technology 
directors since 2000, and the current director does not surplus disks. 
The previous two did not either, but the disk somehow made it into a box 
that was sent to an auction.”

Bush said any removable media containing information no longer needed is 
destroyed.

“If we surplus a computer, we pull the hard drives out,” she said.

Information Technology Director Chris Cummings described what happens next.

“We destroy the hard drives with a hammer or drills,” he said. 
“Typically, we don’t have information on compact disks, but if we do, 
those and other types of diskettes are shredded.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss