Detective's stolen laptop puts thousands at risk of identity theft

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.komonews.com/news/local/Stolen-sheriffs-office-laptop-puts-thousand-at-risk-of-identity-theft-212860341.html

SEATTLE -- Thousands of people are now vulnerable to identity theft,
and it's all because of a stolen laptop.

The information, which includes Social Security and drivers license
numbers, was on a King County sheriff's office computer that was
stolen from a detective.

The laptop and a personal hard drive were full of case files,
including personal information about thousands of crime victims,
suspects, witnesses and even police officers.

The laptop was stolen last March from the backseat of a detective's
undercover pickup truck.

To say Christie Diemond was outraged when she got a letter in the mail
last Friday would be beyond an understatement.

"One of our detective's laptop computers was stolen from her vehicle,"
Diemond read from the letter.

The letter goes on to say that the Social Security and drivers license
number of both Diemond and her deceased mother could have been
compromised and they could be victims of identity theft.

"Nobody could be more shocked than I was that the King County police
had lost a laptop with all my personal information," Diemond said.

The sheriff's office confirms the laptop was stolen from the truck.
Officials says the detective didn't follow KCSO policy and could face
discipline.

"I feel awful for them that this happened, but there was no malicious
intent," said Det. Sgt. Katie Larson with the sheriff's office.

The sheriff's office is legally required to notify victims about the
security breach, and last week they sent out 2,300 letters to everyone
who may now be vulnerable.

Larson said it took this long to send the letters because they had to
figure out who they needed to notify.

"It's not something you can just press a button and it all pops up for
you," she said. "Somebody had to go through and read everything and
cull out all of that information."

But Diemond said waiting three months to notify her gave potential
identity thieves a head start on using her information.

"I went through the roof," she said. "I can't even believe they waited
that long to tell people that. It's outrageous -- it's worse than
outrageous."

The sheriff's office said this was not the first data loss they've
had, but it was the largest.

They were already in the process of adding encryption software to all
of their computers when the theft happened. Sixty percent of the
computers were finished, but the stolen computer was not one of them.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.