BreachExchange mailing list archives
TSA "redress" site exposed 247
From: Chris Walsh <chris () cwalsh org>
Date: Sat, 12 Jan 2008 22:38:56 -0600
There's been some attention to a TSA site that collected a large amount of PII, and was discovered by Chris Soghoian to be grossly insecure. According to House Oversight and Government Reform Committee report (http://oversight.house.gov/documents/20080111092648.pdf ): "TSA also contacted the individuals who had submitted their personal information through the unsecured 'file your application online' link to inform them that they were at a heightened risk of identity theft." (p. 8) Earlier in the report (p. 7) it is stated that 'At least 247 travelers submitted their personal information through the unsecured “file your application online” link'. The report (p. 6) also states that name, address, Social Security numbers, eye color, place of birth, and other sensitive personal information were asked for on the submission page of the TSA's site. I think it is fair to conclude that this is a breach affecting the TSA (and their contractor, Desyne Web Services) involving at least 247 people. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- TSA "redress" site exposed 247 Chris Walsh (Jan 12)