http://www.eweek.com/article2/0,1895,2199122,00.asp By Lisa Vaas eWeek.com October 16, 2007 All data must be encrypted, the TSA orders, after the loss of laptops holding hazmat driver data. Following the loss and possible theft of two laptops containing the personal data of 3,930 truckers who handle hazardous materials, the Transportation Security Administration has mandated that contractors must encrypt any and all data on top of any deletion policies they have in place. According to a letter the TSA sent to lawmakers on Oct. 12, the laptops - both of which belonged to a TSA contractor - contain names, addresses, birthdays, commercial driver's license numbers and, in some instances, Social Security numbers of the affected truckers. First, one laptop was lost. At that time, the contractor, L-1 Identity Solutions' Integrated Biometric Technology division, told the TSA that the truckers' information had been deleted from the system, TSA Public Affairs Manager Ann Davis told eWEEK. Then, another laptop disappeared. After the second theft or loss, the TSA conducted an IT forensic investigation that ascertained that the deleted information could be retrieved if a thief had the proper training. "So even though [there's only a] small chance of [the data being misused], we did notify all affected individuals and advised them of what steps to take to protect themselves, and we mandated that contractors need to encrypt any and all data in addition to any deletion procedures that might be in place," Davis said. The TSA requires that all individuals who transport hazardous waste provide information for a security clearance in a program called the Hazardous Materials Endorsement Threat Assessment that's mandated under the Patriot Act. This isn't the first time the TSA has found itself in data-breach hot water, and it isn't the agency's biggest data breach, by a long shot. On May 7, the agency announced that a hard drive containing personal information belonging to 100,000 government workers had been lost. The TSA is also requiring Integrated Biometric Technology to provide free credit reporting to the affected individuals. L-1 Identity Solutions couldn't immediately provide a spokesperson to give information to eWEEK on the incident. __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Tue Oct 16 2007 - 22:42:24 PDT