TSA Hard Drive With Employee Data Is Reported Stolen

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: Richard M. Smith <rms () computerbytesman com>

http://www.washingtonpost.com/wp-dyn/content/article/2007/05/04/AR2007050402152_pf.html

TSA Hard Drive With Employee Data Is Reported Stolen

By Spencer S. Hsu
Washington Post Staff Writer
Saturday, May 5, 2007; A09

The FBI and the Secret Service have opened a criminal investigation into 
the apparent theft of a computer hard drive containing personal, payroll 
and bank information of 100,000 current and former workers with the 
Transportation Security Administration, including airport security 
officers and federal air marshals, the TSA said yesterday.

In a written statement released after business hours, the TSA said it 
learned Thursday that the drive was missing from a secure area of its 
human resources office at its Crystal City headquarters.

The TSA employs about 50,000 people, including 43,000 airport guards and 
thousands of air marshals, who are federal law enforcement officers.

A TSA spokesman said the loss occurred in recent days and will not pose a 
significant risk of security breaches in sensitive areas patrolled by 
workers at airports, ports and rail yards. Access to such areas requires 
additional credentials that use unique physical identifiers such as 
fingerprints, said the official, who spoke on the condition of anonymity 
to discuss security protocols.

The hard drive, which contained payroll data from January 2002 to August 
2005, included employee names, Social Security numbers, birth dates, and 
bank account and routing information.

The TSA began notifying employees of the loss at the close of business 
yesterday "out of an abundance of caution," offering free 
credit-monitoring services and advising workers to alert their financial 
institutions.

"TSA has no evidence that an unauthorized individual is using your 
personal information, but we bring this incident to your attention so that 
you can be alert to signs of any possible misuse of your identity," stated 
the letter, signed by TSA Administrator Kip Hawley. "We apologize that 
your information may be subject to unauthorized access, and I deeply 
regret this incident."

The episode is the latest high-profile data theft to strike the government 
or the private sector, although its impact on a domestic security agency 
with law enforcement responsibilities may pose added risks.

CardSystems Solutions and the owner of retail chains T.J. Maxx and 
Marshalls have disclosed large breaches of credit card information on 
millions of consumers.

The Department of Veterans Affairs lost a laptop last year with 
information for more than 26.5 million military personnel, although it was 
recovered with no evidence of copying. Since 2003, 19 federal agencies 
have reported 788 incidents of data theft or loss, affecting thousands of 
employees and the public.

Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security 
Committee, said he was briefed by the department, adding, "For an agency 
suffering from morale problems, this is a terrible and unfortunate blow."

The panel will probably hold hearings, said Rep. Sheila Jackson-Lee 
(D-Tex.), who chairs a subcommittee overseeing the TSA. "This organization 
responsible for the nation's security has had a massive security breach. 
Whether it is known what the breach was or how it occurred, it did occur 
and this raises enormous concerns," Lee said. "We will be in a posture of 
quickly looking for answers."
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 646 incidents over 7 years.