followup: TSA Demands Encryption Following Dual Laptop Loss

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.eweek.com/article2/0,1895,2199122,00.asp

By Lisa Vaas
eWeek.com
October 16, 2007

All data must be encrypted, the TSA orders, after the loss of laptops 
holding hazmat driver data.

Following the loss and possible theft of two laptops containing the 
personal data of 3,930 truckers who handle hazardous materials, the 
Transportation Security Administration has mandated that contractors must 
encrypt any and all data on top of any deletion policies they have in 
place.

According to a letter the TSA sent to lawmakers on Oct. 12, the laptops - 
both of which belonged to a TSA contractor - contain names, addresses, 
birthdays, commercial driver's license numbers and, in some instances, 
Social Security numbers of the affected truckers.

First, one laptop was lost. At that time, the contractor, L-1 Identity 
Solutions' Integrated Biometric Technology division, told the TSA that the 
truckers' information had been deleted from the system, TSA Public Affairs 
Manager Ann Davis told eWEEK.

Then, another laptop disappeared. After the second theft or loss, the TSA 
conducted an IT forensic investigation that ascertained that the deleted 
information could be retrieved if a thief had the proper training.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml