[ISN] TSA hard drive with employee data missing

From: InfoSec News (alerts@private)
Date: Sun May 06 2007 - 23:08:49 PDT


http://washingtontimes.com/national/20070504-110814-4615r.htm

By Audrey Hudson
THE WASHINGTON TIMES
May 5, 2007

The FBI is investigating a data-security breach at the Transportation 
Security Administration involving the bank records and other personal 
data of 100,000 employees, including airport screeners and federal air 
marshals.
    
"This is considered serious," a Homeland Security official said on the 
condition of anonymity. "We've turned this place upside-down today to 
find the missing laptop."
    
However, the agency released a statement referring to the missing item 
as an external hard drive, and said officials on Thursday became aware 
it was missing from a controlled security area at the headquarters of 
its Office of Human Capital.
    
The files on the hard drive include the archived records of employees 
and their Social Security numbers, dates of birth, financial allotments 
and payroll information.
    
The TSA, which is responsible for securing U.S. airports and airline 
flights against terrorist hijackings, said last night it "immediately 
reported the incident to senior Department of Homeland Security and 
law-enforcement officials and launched an investigation."
    
"TSA is treating this incident as a criminal matter and has asked the 
FBI to investigate," it said. "The U.S. Secret Service is also assisting 
in the forensic review of equipment and facilities. TSA is cooperating 
fully."
    
Yesterday, the agency began notifying all affected employees with 
instructions on how to protect against identity fraud. A letter from TSA 
Administrator Kip Hawley said the agency will pay for a credit 
monitoring service for one year, which includes all three national 
credit bureau reports, fraud alerts, detection of fraudulent activity 
and identify theft, and fraud resolution and assistance.
    
"TSA has no evidence that an unauthorized individual is using your 
personal information, but we bring this incident to your attention so 
that you can be alert to signs of any possible misuse of your identity," 
Mr. Hawley states in the letter. "We are notifying you out of an 
abundance of caution at this early stage of the investigation given the 
significance of the information contained on the device. We apologize 
that your information may be subject to unauthorized access, and I 
deeply regret this incident."
    
The agency said it will take "swift disciplinary action, including 
dismissal, against individuals found to be in violation of our 
[data-protection] procedures."
    

__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Sun May 06 2007 - 23:25:51 PDT