State Of Ohio Backup Fiasco

I preach the benefits of offsite backups to everyone.  But getting people to that point is usually a multiple step process.  People get overwhelmed by backup and recovery stuff – and I don’t blame them.  Folks will typically take the initial step of doing manual backups.  “That’s great!” I tell them.  But then I usually follow that up with, “now it’s time to automate that process.”  I do this after a couple of months – because that’s when their manual process starts to slide.  After they start an automated backup process, I wait a few more months.  Then I ask them a question like, “hey, what would happen to your data if your office burnt down?”  That question usually stops them in their tracks because they know they would be screwed.

Well, the State of Ohio, fortunately, practices the art of offsite backups.  Unfortunately, an intern was instructed to take a backup media (I’m thinking it’s a large reel magnetic tape, but I could be wrong) offsite.  By offsite, I mean the intern was told to take it home.  And the intern, being an intern, probably stopped off somewhere in the process.   And when they stopped, I guess they didn’t lock their car.  And that’s when someone stole that backup reel.  Doh!

So, late last week, the State of Ohio announced that state employees – all of them – had records on that reel.  That’s to the tune of 64,000 state employees.  The reel included their social security numbers.  Ouch.  And this week, it was announced that the reel also included some 225,000 taxpayers’ social security numbers and 600 lottery winners.  Holy schnikeys.  These taxpayers and lottery winners had the unduly luck of being folks who hadn’t yet cashed their checks.  Well, the state has set up a website for you to check if you are one of the lucky ones, called idprotect.

There are many lessons here.  One being that you don’t leave backup media in an unlocked car.  That’s a big no no anyway, but when it contains sensitive data on it – that’s a horrendous error.  The other is that you shouldn’t entrust that kind of task to an intern.  There are others, but I think you get the drift.