Monday, November 05, 2007
2 TSA contractor laptops with personal information are missing
2 TSA contractor laptops with personal information are missing
By EILEEN SULLIVAN, The Associated Press
2007-10-15 21:25:49.0
Current rank: Not ranked
WASHINGTON -
Two laptop computers with detailed personal information about commercial drivers across the country who transport hazardous materials are missing and considered stolen.
The laptops belong to a contractor working for the Transportation Security Administration and contain the names, addresses, birthdays, commercial driver's license numbers and, in some cases, Social Security numbers of 3,930 people, according to an Oct. 12 letter from TSA to lawmakers.
The contractor, Integrated Biometric Technology, told TSA that the personal information was deleted from the computers before they were stolen, the letter stated. But after the second laptop was stolen, TSA investigators discovered that a person with data recovery skills could recover the personal information that the contractor deleted. TSA spokesman Christopher White said none of the information on the computers has been misused.
News of the security breach came the day before TSA begins collecting similar personal information from employees with access to areas at the port of Wilmington, Del. The Transportation Worker Identification Credential program is set to launch in Wilmington on Tuesday. Eventually 750,000 employees across the country with access to port areas will be required to submit information for background checks.
"We're outraged that on the eve of expanded worker screening for port workers, it appears that TSA and its contractors failed to protect the confidential information of other transportation workers who underwent similar background checks," said Edward Wytkind, president of the AFL-CIO's transportation trades department. But White said the TWIC program would be run through TSA computers and not the contractor's.
Since the two laptops were stolen, TSA has instructed the contractor to fully encrypt hard drives. The TSA program, called the Hazardous Materials Endorsement Threat Assessment, collects information for security-clearance purposes for any driver who transports hazardous materials. These assessments were mandated in the Patriot Act. Integrated Biometric Technology will provide one year of free credit-monitoring services to the 3,930 people affected.
Earlier this year, TSA lost a computer hard drive with sensitive bank and payroll data for 100,000 employees. The hard drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave data, bank account and routing information, and details about financial allotments and deductions.
"It would be nice if the department in charge of homeland security would actually be able to secure the data on their own computers," said Rep. Ed Markey, D-Mass. "Right now, the department's data privacy track record falls far short of what DHS employees and the American public expect and deserve."
By EILEEN SULLIVAN, The Associated Press
2007-10-15 21:25:49.0
Current rank: Not ranked
WASHINGTON -
Two laptop computers with detailed personal information about commercial drivers across the country who transport hazardous materials are missing and considered stolen.
The laptops belong to a contractor working for the Transportation Security Administration and contain the names, addresses, birthdays, commercial driver's license numbers and, in some cases, Social Security numbers of 3,930 people, according to an Oct. 12 letter from TSA to lawmakers.
The contractor, Integrated Biometric Technology, told TSA that the personal information was deleted from the computers before they were stolen, the letter stated. But after the second laptop was stolen, TSA investigators discovered that a person with data recovery skills could recover the personal information that the contractor deleted. TSA spokesman Christopher White said none of the information on the computers has been misused.
News of the security breach came the day before TSA begins collecting similar personal information from employees with access to areas at the port of Wilmington, Del. The Transportation Worker Identification Credential program is set to launch in Wilmington on Tuesday. Eventually 750,000 employees across the country with access to port areas will be required to submit information for background checks.
"We're outraged that on the eve of expanded worker screening for port workers, it appears that TSA and its contractors failed to protect the confidential information of other transportation workers who underwent similar background checks," said Edward Wytkind, president of the AFL-CIO's transportation trades department. But White said the TWIC program would be run through TSA computers and not the contractor's.
Since the two laptops were stolen, TSA has instructed the contractor to fully encrypt hard drives. The TSA program, called the Hazardous Materials Endorsement Threat Assessment, collects information for security-clearance purposes for any driver who transports hazardous materials. These assessments were mandated in the Patriot Act. Integrated Biometric Technology will provide one year of free credit-monitoring services to the 3,930 people affected.
Earlier this year, TSA lost a computer hard drive with sensitive bank and payroll data for 100,000 employees. The hard drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave data, bank account and routing information, and details about financial allotments and deductions.
"It would be nice if the department in charge of homeland security would actually be able to secure the data on their own computers," said Rep. Ed Markey, D-Mass. "Right now, the department's data privacy track record falls far short of what DHS employees and the American public expect and deserve."
Labels: Transportation Security Admin.
Saturday, May 19, 2007
TSA loses hard drive with personal information of 100,000 employees
TSA loses hard drive with personal information of 100,000 employees
Dan Kaplan May 7 2007 18:05
The Transportation Security Administration (TSA) said today that it is investigating a missing external hard drive containing sensitive information of about 100,000 employees.
The hard drive, discovered missing from a controlled area at the federal agency on Thursday, contained the names, Social Security numbers, birth dates, bank account and routing data and payroll information of employees who worked for the agency between January 2002 and August 2005, TSA administrator Kip Hawley said in a notification letter to victims. Authorities are unsure whether the data was lost or stolen.
Hawley apologized to employees whose identity was exposed, but said the TSA has no reason to believe any of the information has been misused. Still, the agency promised to provide affected individuals with one year of free credit monitoring service.
"We are notifying you out of an abundance of caution at this early stage of the investigation given the significance of the information contained on the device," Hawley said. "We apologize that your information may be subject to unauthorized access, and I deeply regret this incident."
The FBI and U.S. Secret Service have opened criminal investigations, according to a separate statement.
The TSA said it has comprehensive data security policies in place and violators face "swift disciplinary action," including firing.
This is the second time in less than a year that the agency responsible for securing the nation’s airports was involved in a data breach.
Last September, a contractor accidentally mailed about 1,200 documents containing Social Security numbers of former TSA employees to incorrect addresses.
"It’s kind of ironic that the government agency charged with maintaining the security of our nation’s transportation system can’t manage the security of its own employees’ files," said Paul Stephens, policy analyst at the nonprofit Privacy Rights Clearinghouse. "It’s a matter of having the proper protocols in place and enforcing them. A lot of times the protocols exist, and you don’t have the compliance. Typically, the failure is employee compliance."
The latest incident occurred just days after Rep. Tom Davis, R.-Va., reintroduced a bill that would require federal agencies who suffered a data breach to promptly notify victims, and have proper policies in place.
Dan Kaplan May 7 2007 18:05
The Transportation Security Administration (TSA) said today that it is investigating a missing external hard drive containing sensitive information of about 100,000 employees.
The hard drive, discovered missing from a controlled area at the federal agency on Thursday, contained the names, Social Security numbers, birth dates, bank account and routing data and payroll information of employees who worked for the agency between January 2002 and August 2005, TSA administrator Kip Hawley said in a notification letter to victims. Authorities are unsure whether the data was lost or stolen.
Hawley apologized to employees whose identity was exposed, but said the TSA has no reason to believe any of the information has been misused. Still, the agency promised to provide affected individuals with one year of free credit monitoring service.
"We are notifying you out of an abundance of caution at this early stage of the investigation given the significance of the information contained on the device," Hawley said. "We apologize that your information may be subject to unauthorized access, and I deeply regret this incident."
The FBI and U.S. Secret Service have opened criminal investigations, according to a separate statement.
The TSA said it has comprehensive data security policies in place and violators face "swift disciplinary action," including firing.
This is the second time in less than a year that the agency responsible for securing the nation’s airports was involved in a data breach.
Last September, a contractor accidentally mailed about 1,200 documents containing Social Security numbers of former TSA employees to incorrect addresses.
"It’s kind of ironic that the government agency charged with maintaining the security of our nation’s transportation system can’t manage the security of its own employees’ files," said Paul Stephens, policy analyst at the nonprofit Privacy Rights Clearinghouse. "It’s a matter of having the proper protocols in place and enforcing them. A lot of times the protocols exist, and you don’t have the compliance. Typically, the failure is employee compliance."
The latest incident occurred just days after Rep. Tom Davis, R.-Va., reintroduced a bill that would require federal agencies who suffered a data breach to promptly notify victims, and have proper policies in place.
Labels: Transportation Security Admin.
Tuesday, May 08, 2007
Probe launched into missing TSA hard drive
Probe launched into missing TSA hard drive
By Thomas Frank, USA TODAY
WASHINGTON — Federal authorities have launched a "full-blown criminal investigation" into the disappearance of a computer drive holding personal and banking records of 100,000 Transportation Security Administration employees, agency Administrator Kip Hawley said Monday.
"We're doing a full-court press on this," Hawley told TSA employees in a conference call that USA TODAY was able to listen to.
Hawley's comments downplayed the possibility that the portable hard drive had been lost from TSA headquarters in Arlington, Va., on Thursday. The TSA had said Friday that it was "unclear" whether the device was "still within headquarters or was stolen."
Agency spokeswoman Ellen Howe acknowledged Hawley's comments and added that "nothing has been ruled out," including the possibility the hard drive was lost.
On Monday, TSA employees questioned how the drive went missing and whether it would expose the identities of the thousands of armed air marshals, who ride undercover on airplanes to thwart terrorists. Air marshals, who are TSA employees, fear what someone could do with their names, birth dates and Social Security numbers — data that were on the hard drive.
FIND MORE STORIES IN: Transportation Security Administration | Probe | TSA | Law Enforcement Officers | Cris Soulia | External hard drives
"If that information is out there, it's very easy to find out who they are," said John Adler, executive vice president of the Federal Law Enforcement Officers Association, whose members include air marshals. Adler said terrorists could use personnel information to find where air marshals live, photograph them and disseminate the photos.
Hawley said air marshals' security "was one of our first concerns" but downplayed the risk to them. The TSA said on its website that "without extensive knowledge of TSA's human resource system, it is extremely difficult to determine what positions employees on the missing hard drive have."
The TSA has not ruled out the possibility that an insider took the drive.
Aviation-security consultant Rich Roth said the data theft "shouldn't affect the air marshals at all." Terrorists who are determined to spot air marshals can simply watch passengers boarding planes early, he said.
The FBI and Secret Service have joined the investigation, which began Thursday after employees in the TSA personnel office who frequently use the hard drive found it missing.
Howe, the TSA spokeswoman, said the drive is about the size of a desk telephone.
Paul Stephens, a policy analyst at the Privacy Rights Clearinghouse, a consumer advocacy group, questioned why a federal security agency would store sensitive information on "something that could be carried away in a briefcase" and not on a larger, less-portable device. External hard drives store data such as text files and photographs and are plugged into a computer.
Cris Soulia, a TSA screener in San Diego and a former Navy computer technician, said he was "dumbfounded" that the agency would store personnel records on a portable device.
"That's really irresponsible," Soulia said.
Howe declined to address why the records were stored on an external hard drive, saying it is "an element of an ongoing investigation."
Stephens said stealing hard drives "is a bit unusual" and usually indicates that "the purpose of the theft was to obtain the data." Many data breaches are the unintentional result of someone stealing a computer to sell it and the computer happens to hold personnel information, he said.
The clearinghouse has tracked hundreds of security breaches that exposed 154 million data records.
By Thomas Frank, USA TODAY
WASHINGTON — Federal authorities have launched a "full-blown criminal investigation" into the disappearance of a computer drive holding personal and banking records of 100,000 Transportation Security Administration employees, agency Administrator Kip Hawley said Monday.
"We're doing a full-court press on this," Hawley told TSA employees in a conference call that USA TODAY was able to listen to.
Hawley's comments downplayed the possibility that the portable hard drive had been lost from TSA headquarters in Arlington, Va., on Thursday. The TSA had said Friday that it was "unclear" whether the device was "still within headquarters or was stolen."
Agency spokeswoman Ellen Howe acknowledged Hawley's comments and added that "nothing has been ruled out," including the possibility the hard drive was lost.
On Monday, TSA employees questioned how the drive went missing and whether it would expose the identities of the thousands of armed air marshals, who ride undercover on airplanes to thwart terrorists. Air marshals, who are TSA employees, fear what someone could do with their names, birth dates and Social Security numbers — data that were on the hard drive.
FIND MORE STORIES IN: Transportation Security Administration | Probe | TSA | Law Enforcement Officers | Cris Soulia | External hard drives
"If that information is out there, it's very easy to find out who they are," said John Adler, executive vice president of the Federal Law Enforcement Officers Association, whose members include air marshals. Adler said terrorists could use personnel information to find where air marshals live, photograph them and disseminate the photos.
Hawley said air marshals' security "was one of our first concerns" but downplayed the risk to them. The TSA said on its website that "without extensive knowledge of TSA's human resource system, it is extremely difficult to determine what positions employees on the missing hard drive have."
The TSA has not ruled out the possibility that an insider took the drive.
Aviation-security consultant Rich Roth said the data theft "shouldn't affect the air marshals at all." Terrorists who are determined to spot air marshals can simply watch passengers boarding planes early, he said.
The FBI and Secret Service have joined the investigation, which began Thursday after employees in the TSA personnel office who frequently use the hard drive found it missing.
Howe, the TSA spokeswoman, said the drive is about the size of a desk telephone.
Paul Stephens, a policy analyst at the Privacy Rights Clearinghouse, a consumer advocacy group, questioned why a federal security agency would store sensitive information on "something that could be carried away in a briefcase" and not on a larger, less-portable device. External hard drives store data such as text files and photographs and are plugged into a computer.
Cris Soulia, a TSA screener in San Diego and a former Navy computer technician, said he was "dumbfounded" that the agency would store personnel records on a portable device.
"That's really irresponsible," Soulia said.
Howe declined to address why the records were stored on an external hard drive, saying it is "an element of an ongoing investigation."
Stephens said stealing hard drives "is a bit unusual" and usually indicates that "the purpose of the theft was to obtain the data." Many data breaches are the unintentional result of someone stealing a computer to sell it and the computer happens to hold personnel information, he said.
The clearinghouse has tracked hundreds of security breaches that exposed 154 million data records.
Labels: Transportation Security Admin.
