By Gregory B. Hladky
Capitol Bureau Chief
HARTFORD - Last months theft of a state laptop computer containing
confidential information on 106,000 Connecticut taxpayers has
highlighted concerns about security for the state governments increasing
numbers of laptops.
The 14 largest state agencies own between 2,500 and 3,000 laptops that
their employees often use in the field or at home, according to figures
supplied by the Department of Information Technology.
Officials at the comptrollers office say 19 state laptops were reported
stolen between June 30, 2006, and July 1, 2007.
Nuala Whelton, spokeswoman for the information agency, said the number
of state-owned laptop computers is increasing at a rapid pace in large
part because the state is attempting to prepare for various types of
"We want to have a way for our state employees to continue to do their
jobs even if their regular place of business is shut down," Whelton
The fear is that severe weather or a terrorist attack or even a flu
pandemic could shut down essential services if key buildings had to be
closed. Use of laptops means employees can access information in the
field or at home if they cant get to work.
Whelton said there has been "a real spike in the past year" in the
number of employees who are using the special system that allows them
remote access to the states computer network. She said use of the
virtual private network has jumped by about 30 percent.
The system is intended to allow employees to work from home or in the
field "over a secure network," Whelton said. Access to the network is
limited, which means employees must use a special system rather than
simply connecting from a commercial Internet service.
But the increased use of laptops by employees also carries a risk, as
was illustrated by the recent theft of a Department of Revenue Services
The portable computer was stolen Aug. 17 from the personal car of an
employee of the tax agency. The workers vehicle happened to be in
Suffolk County, N.Y., at the time of the theft.
Although state officials say the theft was reported "within hours," it
took the agencys computer forensic experts 11 days to reconstruct what
information was on the laptop, and the result was a blockbuster.
The DRS laptop contained the names and Social Security numbers of about
10 percent of all Connecticut taxpayers.
The stolen laptops information was protected by a security password and
state officials said last week there had been no indication that any of
the information had been used for illegal purposes.
But DRS spokeswoman Sarah Kaufman said experts fear an individual with
the right computer skills who knew what he was looking for could find a
way to access the confidential taxpayer information.
The state has created a new search engine (available at www.ct.gov/DRS)
to allow taxpayers to find out if their information was on the stolen
In addition, the state will spend about $1 million to provide free
identity-theft coverage for a year for taxpayers whose information was
stolen and who register for the service.
DRS officials are conducting an internal investigation to find out why
so much taxpayer information was contained on one portable computer and
why the employee had the computer in a personal car on Long Island. The
name of the worker involved isnt being released because of the
Kaufman said DRS has issued 177 laptops to its employees, primarily to
tax auditors so they can work more easily and quickly on field audits.
Only information necessary to an employees current tasks are supposed to
be on a DRS laptop, according to Kaufman.
Rell has ordered a series of new controls on the use of laptops in the
wake of the stolen computer incident. Those will include tougher
restrictions on what kind of sensitive information can be loaded on
state laptops, stricter reporting requirements for computers that are
lost or stolen, and new encryption programs for all agencies.
Whelton said an interagency group was already working on new encryption
standards for computers before the DRS laptop was stolen.
Copyright New Haven Register 2007
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!