The Florida Department of Juvenile Justice says it “strives to increase public safety by reducing juvenile delinquency, strengthening families and turning around the lives of troubled youth.” Creating more trouble for youth and their families is obviously not part of their mission, yet that’s what may have happened. From a press release they issued yesterday:
The Florida Department of Juvenile Justice (DJJ) today reported an information security breach to FDLE, due to the possibility of identity theft.
On Jan. 2, DJJ reported the theft of a mobile device containing youth and employee records to the Tallahassee Police Department (TPD), which is currently investigating the theft. DJJ has also notified the Office of Information Security.
The device, which was stolen from a secure DJJ office, was not encrypted or password-protected as required by DJJ’s technology policy.
“This is an unacceptable lapse that could potentially expose youth and employees to identity theft,” stated Secretary Wansley Walters. “We are working to determine who may be affected by the breach and make sure that all other devices with confidential information are properly protected. We are partnering with TPD to track down the stolen device and have reached out to FDLE.”
DJJ confirms that more than 100,000 records may have been compromised, and the agency is currently working to determine the affected individuals. DJJ is working to notify those youth and employees who may be affected, once they are determined.
DJJ issued emails with a policy reminder and prospective security instructions to all employees and contracted provider programs requiring the immediate encryption of all mobile devices that are not already protected and contain confidential data.
For information on preventing and recovering from identity theft, please visit the Florida Attorney General Identity Theft webpage or the Federal Trade Commission identity theft webpage, or call1-877-ID-THEFT (438-4338).
This may not be the department’s first “unacceptable lapse.” In September 2012, a small item in the Orlando Sentinel reported that three computers “containing sensitive Department of Juvenile Justice information” were stolen. The theft, which occurred at the Boca Club apartments, was reported to and by the Orlando Police, who would not reveal any other details citing the ongoing investigation. Why three computers with sensitive DJJ information were at that location was never explained, and I found no follow-up on the theft report.