Minnesota’s fail-unsafe data

MPR’s Sasha Aslanian has a story that may sound familiar. Data entrusted to the state of Minnesota becomes public or is otherwise abused.

In this case, the state is notifying about 500 employees that their personal data — including names, dates of birth and Social Security numbers — may have been accessible on a Web site of the company hired to check new employees. Aslanian easily found employee names, birth dates, Social Security numbers and hire dates for every state agency using the service.

Here’s a recent history of the state’s problems protecting sensitive data:

March 2009 – State officials send a letter to every state employee in Minnesota, telling them some personal data was inadvertently released. The state’s employee salary list was turned over to an unnamed individual, and mistakenly included addresses.

January 2008 – Two Department of Public Safety customer service reps were suspended after an investigation into the unauthorized use of the state driver’s license database showed they accessed records of prominent Minnesotans from their home computers.

July 2007 – A University of Minnesota owned laptop with identity information on students is stolen from a car in California.

August 2006 – Two computers were stolen from an Institute of Technology employee at the University of Minnesota. Included were identities of 13, 084 students between 1992-2006, including the Social Security numbers of 603 of them.

June 2006 – A server backup tape contained Social Security numbers and other information for 2,400 Minnesota taxpayers and identifying information on 48,000 businesses was lost. The tape was sent in a package along with three checks totaling $2,400 and some interoffice correspondence. The package was delivered two months later.

December 2005 — Legislative Auditor James Nobles warns officials that the state’s most important computers remain vulnerable. A member of his staff says many state workers can view private information that is not required to perform their jobs.

April 2005 – A legislative auditor’s report concluded that hackers could get into the Department of Public Safety’s license tab renewal system and steal consumers’ private data. State officials shut down the Web site.

These incidents are on top of the gaffes by private organizations here who have your data:

November 2007 – A laptop with about 268,000 names and Social Security numbers was stolen from a blood bank.

May 2006 – Medicare drug benefit applications from Minnesotans and North Dakotans were stolen from an insurance agent’s unlocked car in Brooklyn Park. Information included applicants’ name, address, date of birth, Social Security number, and bank routing information, according to the Privacy Rights Clearing House.