TSA Finds "Stolen" Laptop in TSA Office
At the beginning of the week, the TSA announced that a laptop containing the personal information of passengers enrolled in its fast track screening program had been stolen. However, in what appears to be a case of “Where did you have it last ?” the laptop has been found in the office it was apparently stolen from.
The laptop went missing over a week ago from an office in San Francisco International Airport,
however TSA officials claim they weren’t notified until Sunday. The computer contained names, addresses, birth dates and some driver’s license numbers and passport numbers for some 33,000 people enrolled in the Clear program. Clear is a system that allows passenger access to special fast-track security lines in the airport, avoiding some of the longer queues.
When the laptop was stolen a lot of people asked the same question, was the information encrypted ? No, apparently it wasn’t. The information was encrypted on the server, however the laptop was protected only by a two level password system.
So, how did it get back into the office from which it was stolen ? Allison Beer, Senior VP of corporate development at Clear said the laptop was stolen from a locked office. Although it turned up in the same office, it was not in the same location it was in when it went missing. Beer told the San Francisco Chronicle that if someone was returning the laptop, they would need a key to do so. So that leaves us with two options, either someone who worked there pinched it/brought it home by accident or they didn’t look hard enough when they found out it was missing.
The TSA is passing the buck to Verify Identity, the company in charge of the Clear program. The Administration says the information should have been encrypted and the program has been suspended pending an audit.
While the TSA is no doubt glad to have the machine back what most people are asking is who stole it and why there wasn’t any surveillance cameras monitoring an office that warranted being locked all of the time ? Instead of breathing a sigh of relief that the unencrypted laptop has returned, they should probably be taking a look into where it went. Perhaps Homeland Security just took it for a walk ?
- No Linux for U.S. Lenovo Netbook - Only XP
- Jobs Appoints New Head of MobileMe
- America Movil to Offer iPhone in Ten More Countries this Month
- Carmack: PCs Not Important As Consoles
- IRobot Unveils Security Robot
- Nokia And Microsoft In Alliance To Make Zune Phone?
- Logitech Gives Mac Owners Dedicated Keyboard
- Possibly Your Best Defense Against Malware: A Cloud Service
- Icahn Joins Yahoo Board, Turning Up Heat For Deal
- Nvidia licenses Transmeta power management tech
- CherryPal's $250 PC delayed
- Graphics wars: The big summer battle
- Intel graphics update: Ray-tracing the way to go for game developers?
- Microsoft Revises Memory Placement in Latest Xbox 360 Hardware
- AMD Announces Two New Professional Graphics Accelerators
- Dell Claims Carbon Neutrality
- CERN Ready To Test Fire Its Time Machine On September 10
- Graphics Wars: The Big Summer Battle
The Transportation Security Administration (TSA) continues to investigate the circumstances surrounding the loss of a Clear®- owned laptop computer on July 26 that contained unencrypted data of approximately 33,000 customers. TSA has verified that a laptop was discovered by Clear® officials yesterday at San Francisco International Airport (SFO). It was voluntarily surrendered to TSA officials for forensic examination.
TSA?s regulatory role in this matter is as follows: Every commercial airport is required to have an approved airport security plan. So Register Traveler is part of that comprehensive plan at the airports where it operates. Under the airport security plan, the sponsoring entity, (SFO in this case) is required to assure its vendors have an approved information security program. Because the computer at SFO was not encrypted it is in violation of the airport?s security plan.
TSA also has the ability to go directly to vendors when the plan is not being adhered to so TSA is conducting a broad review of all Registered Traveler providers? information systems and data security processes to ensure compliance with security regulations.
Clear® needs to meet the information security requirements that they agreed to as part of the Register Traveler program before their enrollment privileges will be reinstated. Encryption is the wider issue as opposed to one incident with one laptop. So for now, Clear® enrollments remain curtailed.
Current customers will not experience any disruption when using Registered Traveler.
TSA Eos Blog Team