The Connecticut Department of Revenue Services reported the theft of an agency laptop computer containing names and Social Security numbers of 106,000 taxpayers.
Noting the department took 11 days to notify citizens, Gov. M. Jodi Rell ordered the Department of Information Technology (DOIT) to create a state laptop security policy in early September.
The Department of Revenue Services (DRS) stated the laptop was password protected, and that there is no information to date the data has been accessed. DRS did not dismiss the possibility of someone with specialized knowledge being able to access the data.
DRS indicated it has contacted law enforcement and is conducting an administrative investigation.
The new state security policy will require agencies to notify immediately DOIT when a laptop is lost or stolen, and will require agencies to restrict sensitive data from being placed on laptops. The state will also explore expanding the use of “virtual private networks” that provide hacker-resistant links for workers to work with information remotely, eliminating the need to load data onto laptops.
Also in late August, New York career Web site Monster.com Inc. reported hackers broke into a password-protected Web site it operates. The perpetrators stole client names and contact information, then posing as Monster.com employees e-mailed those customers for additional personal and financial information.
Pfizer Inc. has twice reported this year security breaches involving data on more than 300 Connecticut residents.
Â
