[ISN] Transportation Department Laptop Stolen

From: InfoSec News (alerts@private)
Date: Wed Aug 09 2006 - 22:28:52 PDT


http://www.washingtonpost.com/wp-dyn/content/article/2006/08/09/AR2006080901177.html

By Christopher Lee and Del Quentin Wilber
Washington Post Staff Writers
August 9, 2006

A laptop computer belonging to the federal Department of
Transportation inspector general's office was stolen last month,
putting the sensitive personal information of nearly 133,000 Florida
residents at risk, Acting Inspector General Todd J. Zinser said today.

The laptop, assigned to a special agent in the Miami office, was
stolen from a government vehicle on July 27 in Doral, Fla., Zinser
told Florida Gov. Jeb Bush (R) today in a letter obtained by The
Washington Post.

The computer contains the names, Social Security numbers, birthdates
and addresses of 42,792 Florida residents who hold a pilot's license;  
80,667 people in the Miami-Dade County area who hold commercial
driver's licenses; 9,496 people who took personal driver's license
tests or obtained their license from an examining facility near Tampa,
the letter said.

"While we do not have reason to believe that the perpetrators targeted
the laptop based on any knowledge of its data contents, we are
nonetheless taking all possible steps to inform Florida residents,"  
Zinser wrote. "We will be working with members of Congress, federal
agencies, state and local agencies, the news media, and trucking and
aviation organizations to further ensure that the individuals are
aware of the situation and of the steps they may take to protect
themselves from misuse of their personal information."

Zinser wrote that a team of special agents has been dispatched to the
Miami area to work with Miami-Dade police in investigating what
happened to the laptop. A reward will be offered for its return, he
wrote.

"We regret this matter and take our responsibilities seriously,"  
Zinser wrote. "We have taken action and will continue to take steps
necessary to prevent this from happening again."

The department has posted information about the data breach, including
a toll free number for the public to call, on its Web site The theft
is just the latest in a string of embarrassing data breaches reported
by a wide variety of federal agencies.

The highest profile incident of its kind was a May 3 burglary at the
home of a Department of Veterans Affairs data analyst. Thieves made
off with a laptop and external hard drive containing the names,
birthdates, and Social Security numbers of as many as 26.5 million
veterans and active duty service members, raising fears of mass
identity theft. The computer equipment was later recovered and two men
were arrested and charged with the burglary last week.

Authorities do not believe the sensitive data had been accessed. The
department took a public relations hit for its handling of the
incident, including a nearly three week delay in disclosing the theft
to Congress and the public.

The bad news has kept coming at the Department of Veterans Affairs.  
The department announced yesterday that a desktop computer containing
sensitive personal information for as many as 38,000 patients at VA
hospitals in Pennsylvania had gone missing from a VA contractor's
Reston office.

Some of the data breaches are new, and some are merely newly disclosed
as the high-profile VA case pressured agency officials to come clean
about security lapses. In recent weeks, data breaches involving
hundreds to thousands of people have been disclosed at the Department
of Agriculture, the Department of Energy, the Department of the Navy,
the Social Security Administration and the Internal Revenue Service.

An Office of Management and Budget official testified in early June
that federal agencies experience dozens of smaller-scale information
security breaches every year, often involving government issued
laptops that are lost or stolen while on business travel or when taken
home.

Chris Dancy, a spokesman for the Aircraft Owners and Pilots
Association, said that the Florida theft concerned his group, which
represents more than 400,000 pilots.

"Exactly in the same way that the loss of the VA computer caused
concerns for members of the military and veterans, we are very
concerned anytime there is the possibility of identity theft involving
our members or airmen in general," he said.

Zinser wrote that he learned of the laptop theft on July 31, but was
unaware that the computer contained sensitive personal information on
Florida residents until Saturday, when the IG's office began
investigating exactly what was in the laptop and dispatched its agents
to Florida.

He did not notify Florida lawmakers or the governor until today, after
the Washington Post called the IG's office to inquire about a tip
about the theft.

In 2005, the Department of Transportation earned a C-minus on the
annual federal computer security report card compiled by the House
Government Reform Committee. The government-wide average for 2005 was
a D-plus, but there were wide variations -- the Social Security
Administration got an A-plus, while the departments of Defense and
Homeland Security earned F's.

The report card measures compliance with the 2002 Federal Information
Security Management Act, which requires agencies to test their
systems, develop cyber-security plans and report on their progress.

2006 The Washington Post Company


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Aug 09 2006 - 22:40:16 PDT