
More laptops mean greater security risk to taxpayers
2007-09-05 05:07

http://www.nhregister.com/site/news.cfm?newsid=18777364&BRD=1281&PAG=461&dept_id=590581&rfi=6

By Gregory B. Hladky
Capitol Bureau Chief
09/03/2007

HARTFORD - Last month's theft of a state laptop computer containing confidential information on 106,000 Connecticut taxpayers has highlighted concerns about security for the state government's increasing numbers of laptops.

The 14 largest state agencies own between 2,500 and 3,000 laptops that their employees often use in the field or at home, according to figures supplied by the Department of Information Technology. Officials at the comptroller's office say 19 state laptops were reported stolen between June 30, 2006, and July 1, 2007.

Nuala Whelton, spokeswoman for the information agency, said the number of state-owned laptop computers is increasing at a rapid pace in large part because the state is attempting to prepare for various types of emergencies. "We want to have a way for our state employees to continue to do their jobs even if their regular place of business is shut down," Whelton said.

The fear is that severe weather or a terrorist attack or even a flu pandemic could shut down essential services if key buildings had to be closed. Use of laptops means employees can access information in the field or at home if they can't get to work.

Whelton said there has been "a real spike in the past year" in the number of employees who are using the special system that allows them remote access to the state's computer network. She said use of the virtual private network has jumped by about 30 percent. The system is intended to allow employees to work from home or in the field "over a secure network," Whelton said. Access to the network is limited, which means employees must use a special system rather than simply connecting from a commercial Internet service.

But the increased use of laptops by employees also carries a risk, as was illustrated by the recent theft of a Department of Revenue Services laptop.
The portable computer was stolen Aug. 17 from the personal car of an employee of the tax agency. The worker's vehicle happened to be in Suffolk County, N.Y., at the time of the theft.

Although state officials say the theft was reported "within hours," it took the agency's computer forensic experts 11 days to reconstruct what information was on the laptop, and the result was a blockbuster. The DRS laptop contained the names and Social Security numbers of about 10 percent of all Connecticut taxpayers.

The stolen laptop's information was protected by a security password, and state officials said last week there had been no indication that any of the information had been used for illegal purposes. But DRS spokeswoman Sarah Kaufman said experts fear an individual with the right computer skills who knew what he was looking for could find a way to access the confidential taxpayer information.

The state has created a new search engine (available at www.ct.gov/DRS) to allow taxpayers to find out if their information was on the stolen laptop. In addition, the state will spend about $1 million to provide free identity-theft coverage for a year for taxpayers whose information was stolen and who register for the service.

DRS officials are conducting an internal investigation to find out why so much taxpayer information was contained on one portable computer and why the employee had the computer in a personal car on Long Island. The name of the worker involved isn't being released because of the investigation.

Kaufman said DRS has issued 177 laptops to its employees, primarily to tax auditors so they can work more easily and quickly on field audits. Only information necessary to an employee's current tasks is supposed to be on a DRS laptop, according to Kaufman.

Rell has ordered a series of new controls on the use of laptops in the wake of the stolen computer incident.
Those will include tougher restrictions on what kind of sensitive information can be loaded on state laptops, stricter reporting requirements for computers that are lost or stolen, and new encryption programs for all agencies. Whelton said an interagency group was already working on new encryption standards for computers before the DRS laptop was stolen.

Copyright New Haven Register 2007

