BreachExchange mailing list archives

OK: OKC buyer finds sensitive information on server


From: "Michael Hill, CITRMS" <mhill () idtexperts com>
Date: Wed, 21 May 2008 15:16:36 -0400

http://www.tulsaworld.com/news/article.aspx?articleID=20080521_12_OKLAH32253

OKLAHOMA CITY -- The Oklahoma Corporation Commission is removing hard drives from all surplus computer equipment after 
a server containing the names and Social Security numbers of thousands of residents was sold at an auction recently.

Oklahoma City resident Joe Sills discovered more than 5,000 Social Security numbers after purchasing the server and 
other surplus state computer equipment at an auction last month.

Sills was testing the equipment recently when he found the data in a file on the server. He said he is outraged that 
the state didn't erase the server's memory.

"People's identities are at risk," he said.

The server had been used by the state Tax Commission and, most recently, the Corporation Commission.

The Social Security numbers are likely tied to trucking industry data kept on the server by both agencies, Corporation 
Commission spokesman Matt Skinner said.

Since the Corporation Commission is now removing hard drives from computer equipment it sends to state auctions, people 
who buy the equipment will have to provide their own hard drives, Skinner said. It will keep accidental sensitive 
information leaks from happening again, he said.

State policy requires sensitive information to be erased from surplus equipment before it is auctioned, state 
Department of Central Services spokeswoman Gerry Smedley said. Erasing sensitive data is the responsibility of the 
agencies that owned the equipment. 



--------------------------------------------------------------------------------



Michael Hill 
Certified Identity Theft Risk Management Specialist
IDT Consultants
404-216-3751
 



"If You Think You're Not At Risk, Think Again!"
 
 


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
