A backup computer storage device with the names and Social Security numbers of every state worker was stolen out of a state intern's car Sunday night, Gov. Ted Strickland announced this morning.
Strickland said it would require a significant level of expertise and multiple computer programs to access the personal information of the 64,467 state workers.
"We have no reason to believe there's any breach of security at this time, and we think it is unlikely that a breach will occur," he said at a press conference.
But he's notifying all state workers in an e-mail today and by mail over the weekend about the theft. A Web site and toll-free telephone numbers are being established with information for workers.
The numbers are (888) 644-6648 (a tape-recorded message); (877) 742-5622 (the Ohio Consumers' Counsel); or (800) 267-4474 (the state emergency call center). The call centers will be open from 11 a.m. to 7 p.m. today, from 10 a.m. to 4 p.m. Saturday and Sunday, and from 8 a.m. to 5 p.m. next week.
The Web site: www.ohio.gov/idprotect.
Strickland said the state also is planning to provide identity theft insurance at no cost to workers for the next year - a step estimated to cost the state $660,000.
The governor noted his personal information also was on the tape "and I slept very well last night."
State Budget Director J. Pari Sabety said authorities learned of the theft Monday morning. But it took so long to plow through the data on a similar backup device - more than 338,000 files and 24,000 folders - that state officials did not realize the significance of the risk to employees until yesterday.
Part of the reason for the delay in making the news public was "so we would not risk unduly panicking people," she said.
Said Strickland: "I believe we've responded in an expeditious manner, exercising appropriate caution. - I think we acted responsibly and in a timely manner once we became confident we had accurate information."
The storage device - described as the second backup tape - with the sensitive information is taken offsite each night by one member of a rotating staff of state network administrators. That policy was adopted in April 2002, Strickland said.
But the state intern who had it Sunday night did not follow proper procedure and left it in his car, where it was stolen after a break-in, Strickland said.
He said he already has issued an executive order revamping the procedures to ensure the privacy of employees' personal information.
The State Highway Patrol is investigating and has committed what was described as substantial resources to the probe. After a review, Strickland "will take appropriate disciplinary action when the facts are known," he said.
The theft of personal information, including Social Security numbers, which can be used to steal people's identity and tap their credit, has been a major problem in the digital age.
Government agencies have struggled with how to restrict access to sensitive information in public records on their Web sites, and thieves have hacked into systems to steal it.
A hacker broke into an Ohio State University computer in April, for example, and stole the names, Social Security numbers, employee ID numbers and birth dates of more than 14,000 current and former faculty and staff members. Ohio University also has had well-publicized hacking problems.
Earlier this month, the federal Transportation Security Administration said it lost a computer hard drive containing Social Security numbers, bank data and payroll information for about 100,000 employees.