If you’re one of 13,000 people employed by the District of Columbia, chances are that your personal information, including identifiers such as your social security number, were stolen on Monday, when an ING employee (they run the retirement program) took home a laptop, which was promptly stolen. What’s worse, the laptop wasn’t protected by a password, and the data contained on the laptop wasn’t encrypted, so anyone with physical access to the laptop will have fairly immediate access to the identity data.
DC Police and ING suggest that it’s entirely possible the thief wasn’t after the data, but the hardware, and sold it quickly and cheaply. However, that doesn’t guarantee that whoever bought it hasn’t just stumbled on to some kind of gold mine.
What’s really infuriating about all of this is that it comes so quickly on the heels of the VA laptop being stolen as well. Why aren’t companies taking steps to protect that kind of data? Why are they still checking it out on laptops with no password protections? Why are they still checking it out on computers at all? Why isn’t this sort of thing something you work on only in the confines of the office, over a local data link?
This post appeared in its original form at DC Metblogs