Mansfield, Ohio -- Area Agency on Aging: Breached due to Lost Laptop

On June 3, an employee of the Area Agency of Agency in Mansfield, Ohio had a laptop stolen from their car. This resulted in the exposure of personal data related to 43,000 customers.  The laptop was assigned to a Passport case manager. The personal data was health related in nature and also contained the  personal contact information of 35,000 related clients' personal representatives.  


According to a report in The Morning Journal  the Area Agency on Aging had the following response to the Breach:

“The Area Agency on Aging understands the importance of safeguarding our consumer’s personal information and takes that responsibility very seriously,” said Duana Patton, chief executive officer. “We deeply regret that this incident occurred, and we have already taken steps to ensure our laptops are properly equipped to secure personal information from unauthorized access in the future.” 

Unfortunately many organizations take a reactive approach to encrypting endpoint devices such as laptops and cell phones that may contain sensitive information. 


Oil giant BP, had a similar incident this spring in which an employee lost their laptop during routine business travel. The laptop contained  unencrypted personal data such as names, social security numbers, and dates of birth for over 13,000 people who submitted claims with the company after last years oil spill. 


According to Ponemon's "Cost of a Lost Laptop" report, a lost or stolen, unencrypted laptop, will cost an organization $20,000 more than if an encrypted laptop is lost or stolen. Read the full Ponemon report here: Cost of a Lost Laptop Study - Ponemon