Intern loses 800,000 SSN

[mzkhadir]

TechBlorge

 

[ElFenix]

their offsite backup plan is to have interns keep tapes overnight? wtf? and people want the government running the medical care system?

 

[waggy]

hahahah he is complaining because he is being blamed for it. WELL duh! it was stolen OUT OF HIS CAR!

 

[vi edit]

Originally posted by: ElFenix
their offsite backup plan is to have interns keep tapes overnight? wtf? and people want the government running the medical care system?

Heh...

"Their report also faults the chain of command, which was muddled by contractors. The Inspector General identified Jared Ilovar as "a 22-year-old, $10.50-an-hour employee" hired just three months earlier, who received his assignment from?another intern. The intern reported to a $125-an-hour consultant, who reported to another $200-an-hour consultant"

 

[Turin39789]

ridiculous

 

[AFB]

Holy crap


Do they not have any other locations where idk, perhaps they could put a safe to securely store the offsite backups.

 

[krunchykrome]

I dont understand why sensitive information like that would be allowed offsite, especially in the hands on an intern.

 

[halik]

O H I O ....

God damn idiots, unencrypted ssoc numbers on a backup tape is a brilliant idea.

 

[halik]

Originally posted by: waggy
hahahah he is complaining because he is being blamed for it. WELL duh! it was stolen OUT OF HIS CAR!

I think you missed the point of how that was a systematically introduced failure... the fact that unencryped ssoc data was let out of the building was where the system failed. The fact that someone stole it from a car is a product of the above.

 

[LegendKiller]

Heck, when I used to crack tapes or send data to the street to analyze for a securitization we were extremely careful. No SSN, no personal ID info beyond the state and city so you could do stratifications on the data. I never even got access to the system that had SSNs for the loan files, we had ~500,000 SSNs but they kept almost everybody out of it.

When we sent the data outside it was always a password zip with encryption over Intralinks. That whole system wasn't fool proof either, but it was better than this crap.

People really don't take data security seriously enough.

 

[waggy]

Originally posted by: halik

Originally posted by: waggy
hahahah he is complaining because he is being blamed for it. WELL duh! it was stolen OUT OF HIS CAR!

I think you missed the point of how that was a systematically introduced failure... the fact that unencryped ssoc data was let out of the building was where the system failed. The fact that someone stole it from a car is a product of the above.

no i get it. the whole situation is absurd. if htey want to take it off site it needs to be done right.

but he is at fault. he left it in his car. he knew that it was a important paice of information and did not care.

while not 100% at fault he is i would say 90%. they should have had a better setup but he was in charge of it and blew it. i have no sympathy for him. hopefully he has learned

 

[imported_Imp]

Whoo, makes me feel a LOT better about almost losing $600 worth of company Ram. Was shipping the crap out, and had one envelope that I was going to personally deliver. Somehow, after telling myself NOT to put it in the mail, and having said it aside from the rest, I still dropped it in. Luckily, I was suing recycled/used envelopes, so it came right back up to my floor from the mailroom. Had to run around the building for a while though...

 

[Sunner]

Originally posted by: waggy
hahahah he is complaining because he is being blamed for it. WELL duh! it was stolen OUT OF HIS CAR!

I would too.
That's the stupidest "backup plan" I've ever heard of.
Whoever came up with it should be fired on the spot, it's not like it's the intern's fault that whoever managed that place is a complete moron.

Yeah, leaving it in the car was stupid, but he may well have just forgotten it, it's not exactly some standard procedure, and certainly not a procedure to be handled by an intern.
- It shouldn't have left the building any other way than with a professional storage service knee deep in NDA's and security obligations.
- It shouldn't have been unencrypted.
- It shouldn't be handled by a damn intern at all.

 

[halik]

Originally posted by: waggy

Originally posted by: halik

Originally posted by: waggy
hahahah he is complaining because he is being blamed for it. WELL duh! it was stolen OUT OF HIS CAR!

I think you missed the point of how that was a systematically introduced failure... the fact that unencryped ssoc data was let out of the building was where the system failed. The fact that someone stole it from a car is a product of the above.

no i get it. the whole situation is absurd. if htey want to take it off site it needs to be done right.

but he is at fault. he left it in his car. he knew that it was a important paice of information and did not care.

while not 100% at fault he is i would say 90%. they should have had a better setup but he was in charge of it and blew it. i have no sympathy for him. hopefully he has learned

I really hope you work nowhere near IT security... this fvckup was 100% failure of the managent. It makes no difference if the kid lost it on the way to work, got mugged with it or had it stolen during a burglary from a safe in his apartment - it's completely irrelevant . The fact is the people running the show let EXTREMLY sensitive data out of the building without encryption and that's what jeopardized the security.

 

[911paramedic]

Originally posted by: krunchykrome
I dont understand why sensitive information like that would be allowed offsite, especially in the hands on an intern.

My sister is the CFO for a company, and that info is taken offsite nightly for backup/restoration purposes. Why it wasn't encrypted, or taken by the consultant, is another story.

 

[waggy]

Originally posted by: halik

Originally posted by: waggy

Originally posted by: halik

Originally posted by: waggy
hahahah he is complaining because he is being blamed for it. WELL duh! it was stolen OUT OF HIS CAR!

I think you missed the point of how that was a systematically introduced failure... the fact that unencryped ssoc data was let out of the building was where the system failed. The fact that someone stole it from a car is a product of the above.

no i get it. the whole situation is absurd. if htey want to take it off site it needs to be done right.

but he is at fault. he left it in his car. he knew that it was a important paice of information and did not care.

while not 100% at fault he is i would say 90%. they should have had a better setup but he was in charge of it and blew it. i have no sympathy for him. hopefully he has learned

I really hope you work nowhere near IT security... this fvckup was 100% failure of the managent. It makes no difference if the kid lost it on the way to work, got mugged with it or had it stolen during a burglary from a safe in his apartment - it's completely irrelevant . The fact is the people running the show let EXTREMLY sensitive data out of the building without encryption and that's what jeopardized the security.

while it shouldnt have been let out. the kid was lazy. he lost it because he didnt want to take it inside.

he deserves to be fired. BUT so does whoever setup the stupid way its done.

the kid is NOT blameless.

 

[Turin39789]

Originally posted by: waggy

Originally posted by: halik

Originally posted by: waggy
hahahah he is complaining because he is being blamed for it. WELL duh! it was stolen OUT OF HIS CAR!

I think you missed the point of how that was a systematically introduced failure... the fact that unencryped ssoc data was let out of the building was where the system failed. The fact that someone stole it from a car is a product of the above.

no i get it. the whole situation is absurd. if htey want to take it off site it needs to be done right.

but he is at fault. he left it in his car. he knew that it was a important paice of information and did not care.

while not 100% at fault he is i would say 90%. they should have had a better setup but he was in charge of it and blew it. i have no sympathy for him. hopefully he has learned

His car wasn't secure enough for the tape, but neither was his apartment. This is 100% managements fault. You don't send a bank employee home with $5 million because the vault is full and get upset when it gets stolen out of their trunk/apartment.

 

[KarmaPolice]

While the intern really should have taken it inside...All the blame is on management on this one.

Makes me feel better about the mistakes i've made in my intern lol

 

[GenHoth]

Originally posted by: ElFenix
their offsite backup plan is to have interns keep tapes overnight? wtf? and people want the government running the medical care system?

I want the govt as far from health care as possible!

 

[caivoma]

Originally posted by: waggy

Originally posted by: halik

Originally posted by: waggy

Originally posted by: halik

Originally posted by: waggy
hahahah he is complaining because he is being blamed for it. WELL duh! it was stolen OUT OF HIS CAR!

I think you missed the point of how that was a systematically introduced failure... the fact that unencryped ssoc data was let out of the building was where the system failed. The fact that someone stole it from a car is a product of the above.

no i get it. the whole situation is absurd. if htey want to take it off site it needs to be done right.

but he is at fault. he left it in his car. he knew that it was a important paice of information and did not care.

while not 100% at fault he is i would say 90%. they should have had a better setup but he was in charge of it and blew it. i have no sympathy for him. hopefully he has learned

I really hope you work nowhere near IT security... this fvckup was 100% failure of the managent. It makes no difference if the kid lost it on the way to work, got mugged with it or had it stolen during a burglary from a safe in his apartment - it's completely irrelevant . The fact is the people running the show let EXTREMLY sensitive data out of the building without encryption and that's what jeopardized the security.

while it shouldnt have been let out. the kid was lazy. he lost it because he didnt want to take it inside.

he deserves to be fired. BUT so does whoever setup the stupid way its done.

the kid is NOT blameless.

I agree he isnt blameless but i bet there are other interns beside him that did took other data home/left them in the car and unfortunately, he is the one to lost it first.

From the story, it seems like he does indeed a scapegoat though.

 

[pstylesss]

I would say it would only be the interns fault if he lost it, but it was stolen. Whoever made that choice was fvcking idiot. It only costs a couple hundred month to send it offsite to a vault by a company that does that sort of thing. Those consultants are not worth ~200/hr.

 

[edro]

What if the tape was stolen from his apartment? Would he still be to blame?

The ghetto rat that stole the backup tape probably doesn't even know what it is or how to read the data anyway.

 

[Sunner]

Originally posted by: 911paramedic

Originally posted by: krunchykrome
I dont understand why sensitive information like that would be allowed offsite, especially in the hands on an intern.

My sister is the CFO for a company, and that info is taken offsite nightly for backup/restoration purposes. Why it wasn't encrypted, or taken by the consultant, is another story.

There are many security companies that do this, they have properly trained people for it, they have armored cars for it, and they have vaults for it.
It isn't expensive either.
There is NO excuse for any company not to use such services with sensitive data, encrypted or not.

 

[BoomerD]

So...I just gotta wonder...did the intern also just happen to find....say $50K laying around somewhere?

There's way too much of this kind of crap happening over the past couple of years for it to just be "coincidence"...I tend to suspect that (at least in some of the cases) this info is being sold...not just conveniently stolen. How many petty theives would automatically steal this kind of stuff? I doubt there's a fence on every street corner just waiting for someone to unload a batch of SS numbers...

/me is a VERY suspicious bastard...

 

[kranky]

The only appropriate follow-up story to this is that the entire chain of responsible consultants get canned, and the intern gets his job back.

They ought to put the consultants in jail for a month on general principles. Until people have to be accountable for mismanagement of people's personal data, I don't see this ending anytime soon.