BreachExchange mailing list archives

TSA "redress" site exposed 247


From: Chris Walsh <chris () cwalsh org>
Date: Sat, 12 Jan 2008 22:38:56 -0600

There's been some attention to a TSA site that collected a large  
amount of PII, and was discovered by Chris Soghoian to be grossly  
insecure.

According to the House Oversight and Government Reform Committee report
(http://oversight.house.gov/documents/20080111092648.pdf):

"TSA also contacted the individuals who had submitted their personal  
information through the unsecured 'file your application online'
link to inform them that they were at a heightened risk of identity  
theft." (p. 8)

Earlier in the report (p. 7) it is stated that 'At least 247 travelers  
submitted their personal information through the unsecured “file your  
application online” link'.

The report (p. 6) also states that name, address, Social Security  
numbers, eye color, place of birth, and other sensitive personal  
information were asked for on the submission page of the TSA's site.

I think it is fair to conclude that this is a breach affecting the TSA  
(and their contractor, Desyne Web Services) involving at least 247  
people.







_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
