TSA fails to secure “trusted traveler” data.

8:59 am on August 6, 2008 | By Meghan Whelan | In data breach, laptop encryption, laptop security |

Yesterday, a missing laptop with the names of 33,000 people enrolled in the Clear program — the most popular airport “trusted traveller” program, was found at SFO Airport. The laptop belonged to an employee of the TSA-contracted security firm and is said to have contained, “personal information on applicants to the program, including names, address and birth dates, and in some cases driver’s license, passport or green card numbers.”

The good news is the laptop turned up in the same office it was reported stolen from. The bad news is the alleged theft has exposed the serious vulnerabilities of a trusted security program associated with a government agency.

In a statement, the company said the information on the laptop, which was originally reported stolen from its locked office, “is secured by two levels of password protection.” Beer called the fact that the personal information itself was not encrypted “a mistake” that the company would fix.

Not encrypted? What?

Even Anheuser-Busch, (a brewery for crying out loud,) knows better than that. When one of their laptops went missing last month, potentially exposing the personal information of over 150,000 current and former employees, many of those affected could breathe easier knowing the laptop was encrypted.

So, how does a public company charged with the task of filling America’s beer mugs have better security policy than a private company charged with securing America’s airports?

This goes back to ensuring that all contractors and vendors have a sound security policy before signing up with them and putting your information at risk.

Secondly, when the physical security of airline passengers is at stake, wouldn’t it be a good idea to have a Plan B that gives an agency the option to destroy data if a breach is suspected? If that laptop hadn’t turned up, or in the case that the laptop was stolen, breached and returned, the data contained within could make it easier for dangerous people to travel undetected. This puts anyone who travels by plane at risk.

Share/Save/Bookmark

 

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>