RSS

IRS Staffer Loses Laptop

David Utter
Staff Writer
2006-06-08

Insider Reports RSS Feed

Fortunately, the fallout from the latest incident of someone in the federal government failing to keep a laptop in close proximity only affects 291 people.

One of the most effective ways to lose a valuable item is to check it as baggage with an airline. Virtually everyone who values a laptop just for the hardware's sake, let alone the data on it, carries it on board an aircraft.

Not the unnamed hapless IRS employee who checked a laptop onto an airline while traveling to a job fair last month. The Washington Post reported the laptop contained "unencrypted names, birth dates, Social Security numbers and fingerprints of the employees and applicants."

About 100 of the people on the machine are IRS employees. No tax return information was on the laptop, according to an IRS spokesperson. Other than that detail, the spokesperson refused to provide other information about the employee or the airline, citing an ongoing investigation by the Treasury Department.

That spokesperson, Terry Lemons, told the Post that there was some security covering the data on the laptop:

"The data was not encrypted, but it was protected by a double-password system," Lemons said. "To get in to this personal data on there, you would have to have two separate passwords."

Colleen M. Kelley, president of the National Treasury Employees Union, said IRS employees are worried. "The first thing that comes to mind is identity theft and why care and caution wasn't taken to encrypt their data," she said.

The encryption question is a good one, since IRS policy generally requires taxpayer info to be encrypted when taken in the field. A similar policy for employee data does not seem to exist, the article said.

Password protection will vary in its effectiveness. A lengthy password, preferably with a variety of letters, numbers, and special characters, will offer substantial resistance to the password crackers.

If like many people the laptop's user came up with an easy to remember, short password, a well-known utility like John the Ripper may be able to chew through it without a problem.

It may be time for the Department of Homeland Security to mandate the usage of software like Absolute's CompuTrace or similar products on government laptops. Products like CompuTrace can "phone home" when reported stolen, and deliver information on their location to the monitoring company and law enforcement.

The Department of Veterans Affairs probably wishes they had done so before a now-former analyst lost data for millions of military personnel on or off of active duty.

---
Tag: IRS

Add to

Del.icio.us |

Digg |

Yahoo! My Web |

Furl

Bookmark WebProNews:

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More news_security_news Articles

Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Featured On:

article resources

WebProWorld.com

•	Get in-touch with industry experts and leaders
•	Post your site for review by expert and peers
•	Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com


Titan Quest Forum The #1 Titan Quest forum
Halo 3 Forum The best Halo, Halo 2, Halo 3 forum
Nintendo Wii Nintendo Wii news and views
Mac Software The best in OS X freeware
Graphics Forum Your source for graphic tutorials