From: Henry Brown (hbrownknology.net)
Date: Mon Mar 02 2009 - 06:10:31 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Probably fairly low risk of data being misused but almost "CLASSICAL" in
the response to the event...

http://www.muskogeephoenix.com/local/local_story_060014536.html

Officials at the city of Muskogee recently discovered that a computer
“zip” disk containing personal information has been in public
circulation since 2000.

The citizen who found the disk noticed the official city label and
returned it.

Late Friday afternoon, the city issued a press release saying they had
discovered a “possible breach of utility billing information” on about
4,500 utility accounts that were closed prior to August 2000.

The city is in the process of putting together a list of contact
information for the former account holders so they can be notified. Many
of the addresses on the disk are more than seven years old and the
people have moved without forwarding addresses.

Although the disk contained Social Security numbers for some of the
account holders, the press release said officials don’t believe the
information has been used to harm anyone.

“We do not believe the data was used for inappropriate or illegal
purposes,” it said. “The City assures all of our utility customers that
all confidential information is destroyed when it is no longer needed
and this is an isolated unfortunate incident.”

City Clerk Pam Bush said Saturday that she thought she knew how the disk
was lost.

Although the city has always had a policy that any media containing
information is destroyed when no longer needed, she thinks a forgetful
employee scooped up the disk while putting together surplus items no
longer used by the city.

“The disk obviously made it into some surplus property; into a computer
box with other things by accident,” she said. “It happened sometime
between 2000 and 2007. Some of the former accounts on the disk had
telephone numbers and some had Social Security numbers, but most did not
have forwarding addresses. We’ve had three information technology
directors since 2000, and the current director does not surplus disks.
The previous two did not either, but the disk somehow made it into a box
that was sent to an auction.”

Bush said any removable media containing information no longer needed is
destroyed.

“If we surplus a computer, we pull the hard drives out,” she said.

Information Technology Director Chris Cummings described what happens next.

“We destroy the hard drives with a hammer or drills,” he said.
“Typically, we don’t have information on compact disks, but if we do,
those and other types of diskettes are shredded.”

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]