TSA Hard Drive With Employee Data Is Reported Stolen

["Richard M. Smith" <rms () computerbytesman com>]

http://www.washingtonpost.com/wp-dyn/content/article/2007/05/04/AR2007050402
152_pf.html

TSA Hard Drive With Employee Data Is Reported Stolen

By Spencer S. Hsu
Washington Post Staff Writer
Saturday, May 5, 2007; A09

The FBI and the Secret Service have opened a criminal investigation into the
apparent theft of a computer hard drive containing personal, payroll and
bank information of 100,000 current and former workers with the
Transportation Security Administration, including airport security officers
and federal air marshals, the TSA said yesterday.

In a written statement released after business hours, the TSA said it
learned Thursday that the drive was missing from a secure area of its human
resources office at its Crystal City headquarters.

The TSA employs about 50,000 people, including 43,000 airport guards and
thousands of air marshals, who are federal law enforcement officers.

A TSA spokesman said the loss occurred in recent days and will not pose a
significant risk of security breaches in sensitive areas patrolled by
workers at airports, ports and rail yards. Access to such areas requires
additional credentials that use unique physical identifiers such as
fingerprints, said the official, who spoke on the condition of anonymity to
discuss security protocols.

The hard drive, which contained payroll data from January 2002 to August
2005, included employee names, Social Security numbers, birth dates, and
bank account and routing information.

The TSA began notifying employees of the loss at the close of business
yesterday "out of an abundance of caution," offering free credit-monitoring
services and advising workers to alert their financial institutions.

"TSA has no evidence that an unauthorized individual is using your personal
information, but we bring this incident to your attention so that you can be
alert to signs of any possible misuse of your identity," stated the letter,
signed by TSA Administrator Kip Hawley. "We apologize that your information
may be subject to unauthorized access, and I deeply regret this incident."

The episode is the latest high-profile data theft to strike the government
or the private sector, although its impact on a domestic security agency
with law enforcement responsibilities may pose added risks.

CardSystems Solutions and the owner of retail chains T.J. Maxx and Marshalls
have disclosed large breaches of credit card information on millions of
consumers.

The Department of Veterans Affairs lost a laptop last year with information
for more than 26.5 million military personnel, although it was recovered
with no evidence of copying. Since 2003, 19 federal agencies have reported
788 incidents of data theft or loss, affecting thousands of employees and
the public.

Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security
Committee, said he was briefed by the department, adding, "For an agency
suffering from morale problems, this is a terrible and unfortunate blow."

The panel will probably hold hearings, said Rep. Sheila Jackson-Lee
(D-Tex.), who chairs a subcommittee overseeing the TSA. "This organization
responsible for the nation's security has had a massive security breach.
Whether it is known what the breach was or how it occurred, it did occur and
this raises enormous concerns," Lee said. "We will be in a posture of
quickly looking for answers."

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.