http://www.mercurynews.com/politics/ci_6388676 By TED BRIDIS Associated Press Writer 07/16/2007 WASHINGTON -- The Transportation Security Administration did not follow White House instructions to protect sensitive information on a computer hard drive containing bank and payroll data for 100,000 employees that was discovered missing, the agency acknowledged to Congress. Authorities realized in May the storage device, an external hard drive, was missing from TSA headquarters. In a letter to Rep. Ed Markey, D-Mass., the agency said the drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave data, bank account and routing information, and details about financial allotments and deductions. The TSA said it was still conducting an administrative review of the loss but already had disciplined some employees. It did not provide details. The agency earlier said it would fire anyone discovered to have violated the agency's data-protection policies. The information on the missing drive was not protected with encryption or any electronic security technology, the TSA said. However, the White House Office of Management and Budget last summer ordered all sensitive data encrypted on laptops or portable devicesincluding handheld devicesif they were carried outside secure areas. The lack of any encryption means any computer user who connects the drive to a laptop or desktop PC can view all the information without any special software tools. "TSA dropped the ball when they chose to ignore recommendations set forth by OMB to encrypt sensitive information," said Rep. Bennie Thompson, D-Miss., the chairman of the Homeland Security Committee. "This is not a technological problem but a management one." The TSA said its Office of Inspection is investigating the missing hard drive with help from the FBI and Secret Service, but it remains unclear whether the drive was lost or stolen. There have been no reports of fraudulent credit activity involving employees whose information was vulnerable, the agency said. The TSA said roughly 27,000 employees signed up for one year of credit-monitoring services it agreed to pay for. The TSA wrote earlier this month to Markey, a member of the Homeland Security Committee, and the letter was obtained Monday by The Associated Press. Copyright 2007 San Jose Mercury News _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jul 16 2007 - 22:49:39 PDT