Advertisement

Archive for Sunday, June 22, 2008

Security slip

Lax state policies have compromised thousands of Social Security numbers and other personal information.

June 22, 2008

Advertisement

To those who carefully guard their Social Security numbers and other information that could allow someone to steal their financial identity, the news this week out of Topeka was stunning.

An investigation conducted by the Kansas Legislature's Division of Post Audit found that many, perhaps hundreds of, surplus state computers had been sold to the general public while they still contained confidential information stored by the original users. That information included thousands of names and Social Security numbers as well as personal information on state employees and password accounts that would come in handy for anyone wanting to hack into the state's computers.

Out of 15 surplus computers tested by the auditors, 10 still contained some data; seven of those 10 held confidential information that the auditors said could be easily accessed using software that is readily available for about $60.

In backtracking this discovery, the auditors found that many state agencies had no policies for removing data from computers that were being discarded. Some thought the state's Surplus Property agency was responsible for clearing the hard drives, but that isn't the case.

It isn't known how many data-containing computers were sold, but the state reportedly disposed of about 600 computers in the year ending April 30. Because they haven't received any reports linking identity theft to surplus state computers, state officials seem to be adopting the attitude of "no harm, no foul," but who knows what information now is floating around waiting to be plucked off and used for nefarious purposes?

State officials are considering whether to try to track down the computers that were purchased, but that would be next to impossible. It seems that all state residents can do is watch their bank and credit card accounts and keep their fingers crossed.

State agencies said they would immediately tighten up their procedures for disposing of computers. That's good, but it could be coming too late. Considering how little money the state probably makes from selling outdated computers as surplus, it might make more sense, both financially and for security reasons, to simply destroy the computers when they are taken out of service.

The news about the computers is another example of the Legislative Division of Post Audit more than earning its keep for state taxpayers. It's good that legislators decided to ask the questions that led to the computer audit; it's just too bad they didn't start asking a little sooner.

Comments

Sigmund 6 years, 6 months ago

"The news about the computers is another example of the Legislative Division of Post Audit more than earning its keep for state taxpayers. It's good that legislators decided to ask the questions that led to the computer audit; it's just too bad they didn't start asking a little sooner."Agree completely. All is it takes is a request from a courageous legislator and we could have the empTy, the Business Park, and City operations audited. Sadly today that is oxymoron."Any legislator or legislative committee can request a performance audit by contacting any member of the Committee or by contacting Legislative Post Audit directly. Audits are done only at the Legislative Post Audit Committee's direction. Once a performance audit is approved, we assign it to an audit team. When the audit is completed, the audited agency has a chance to review and comment on it before it's presented to the Legislative Post Audit Committee."http://www.kslegislature.org/postaudit/about.shtml

Sigmund 6 years, 6 months ago

Starlight (Anonymous) says: "Idiots."I disagree. They know how to nuke a disk but are too lazy to do so. So what if taxpayers personal information is used for fraud and identity theft? They simply can't be bothered. After all when was the last time you ever heard of a State of Kansas or City of Lawrence employee being fired for a lack of job performance? Incompetent, lazy, and wasteful virtually defines the majority State and City employees. I can hardly wait for government run health care.

monkeyhawk 6 years, 6 months ago

Sig, have no fear, Eglinski is here.http://www2.ljworld.com/news/2008/feb/05/lawrence_hires_auditor/I'm sure that the waste, fraud and/or incompetence report is due any day. I am also sure he has already saved the taxpayers at least the sum of his salary. Hasn't he?

Sigmund 6 years, 6 months ago

monkeyhawk (Anonymous) says:"Sig, have no fear, Eglinski is here. I'm sure that the waste, fraud and/or incompetence report is due any day. I am also sure he has already saved the taxpayers at least the sum of his salary. Hasn't he?"Just how free do you think an employee (who is still probably on probation) is going to feel to criticize his employer who signs his paycheck? We all know how well past Commissions have handled criticism of fiscally unsound policies. This Commission, despite my fondest hopes, looks to have even less cajones than the previous Commission who who were quite fascist in their implementation of progressive policies.

Sigmund 6 years, 6 months ago

The State employees who failed to do their jobs should be given a choice. Keep your jobs but publish their personal information including social security numbers, birth dates, residential address, and bank account number; or have their employment terminated.

Commenting has been disabled for this item.