TSA Loses Hard Drive With Employee Data

Drive Containing Personal Information For About 100,000 Employees Goes Missing

(AP)  The Transportation Security Administration has lost a computer hard drive containing Social Security numbers, bank data and payroll information for about 100,000 employees.

Authorities realized Thursday the hard drive was missing from a controlled area at TSA headquarters. TSA Administrator Kip Hawley sent a letter to employees Friday apologizing for the lost data and promising to pay for one year of credit monitoring services.

"TSA has no evidence that an unauthorized individual is using your personal information, but we bring this incident to your attention so that you can be alert to signs of any possible misuse of your identity," Hawley wrote in the letter, which was obtained by The Associated Press. "We profoundly apologize for any inconvenience and concern that this incident has caused you."

The agency said it did not know whether the device is still within headquarters or was stolen.

TSA said it has asked the FBI and Secret Service to investigate and said it would fire anyone discovered to have violated the agency's data-protection policies.

In a statement released Friday night, the agency said the external — or portable — hard drive contained information on employees who worked for the Homeland Security agency from January 2002 until August 2005.

TSA, a division of the Homeland Security Department, employs about 50,000 people and is responsible for security of the nation's transportation systems, including airports and train stations.

---

Podcast: Keeping data safe with hard drive encryption

---

"It seems like there's a problem with security inside Homeland Security and that makes no sense," said James Slade, a TSA screener and the executive vice president of the National Treasury Employees Union chapter at John F. Kennedy International Airport. "That's scary. That's my identity. And now who has a hold of it? So many things go on in your mind."

The agency added a section to its Web site Friday night addressing the data security breach and directing people to information about identity theft.

Rep. Sheila Jackson Lee, D-Texas, whose Homeland Security subcommittee oversees the TSA, promised to hold hearings on the security breach. She said Homeland Security buildings are part of the critical infrastructure the agency is charged with protecting.

"We should expect it to be secure," she said.

House Homeland Security Committee Chairman Bennie G. Thompson, D-Miss., called the security breach "a terrible and unfortunate blow" for an agency he said already suffered from low morale.

It's the latest mishap for the government involving computer data. Last year, a laptop with information for more than 26.5 million military personnel, was stolen from a Veterans Affairs Department employee's home. Law enforcement officials recovered the laptop, and the FBI said Social Security numbers and other personal data had not been copied.

[michellem99-2009]

RandalDS is so right. If one does donate a computer I say pull the old hard drive out and put in a new one in its place reload the OS platform on the new hard drive then donate it. You got the old hard drive and you can beat it up with a hammer to damage as that is is unusable. That is an idea.
I stress fire wall and the works.
It is very very important that businesses do this and system adm,mangers know who has access to the data. No computer is crack proof.

[payasyougo]

The solution is simple.

1. Legislation to require all personal data be strongly encrypted.
2. $1000 per name fine for violation of encryption requirement.

2b. When it is the government that is at fault, it's a $1000 tax credit to each individual compromized.

[peaceforusa]

Did you all read about the site the Dept. Of Agriculture had online? They were posting SSN's right out in the open for the world to see. They have since taken down the site, but it had been out there for years until some women was searching online for information to her farm when she came across thousands of farm owners agricultural loan info. Now here is an example of pure stupidity on the part of our Government. No wonder there is so much ID theft and why terrorists are gaining ground and info in the USA and how ILLEGAL ALIENS are finding SSN's to steal. I am beginning to think the Federal Government is our worst enemy if they keep sensitve info on freakin laptops that can be easily stolen and agencies just post it on the net where anyone has access to it just by searching on google. These laptops should be handcuffed to the owners wrist to assure they aren't stolen. Hope the person(s) who committed this crime fries.

[randalds]

RandalDs has no idea what he is talking about. DHS isn't spying on anyone the NSA is. TSA is a part of DHS. The lap top was probably lost by one of the contractors that they have hired to do personal for them.
Posted by dakotahunt04 at 06:27 AM : May 05, 2007

I said same GOVERNMENT, not same agency. Oh and the last "s" is capitalized. Thank you.

As for data safety I have lots and lots and lots of security on my home computer and the same on my laptop (when I used to travel). Like many old computer geeks I'd like to think that I'm hack proof, but also like many old computer geeks I also know that no one really is. I do know that before I tossed my old laptop that I erased the hard drive and then exposed it to an industrial sized electromagnet (friend of mine works in a wreaking yard), just to be sure. After that I pulled the hard drive out and ran over it with my car a few times. I doubt anyone is getting anything off from it. Remember, never donate an old computer, destroy it completely.

[lastdance2]

Too many times, from the same area (Washington DC)
has personal information been stolen.

It's as if - it is always directed towards federal employees.
Including all veterans.

An excellent opportunity, for someone who wants to commit : Electronic Vote Fraud.

Why are former CIA operatives.
Now - carrying credentials.
Identifying them-selves as FBI investigators ????

Lastdance

[cfin5]

.... And further more, a kid that did'nt pay for a .48 cent candybar can't even get out of the door without all kinds of bells and whistles going off. And then getting his little canassticator chucked parallel to the concrete for such a dastardly deed!.....And your just going to fire them?......Why dont you simpletons just take all of our sensitive information and the deed to the United States while you are at it to Walmart for national security protection?? Save us some tax bucks how'bout it?...... Now the world gets to watch "another" public hearing chaired by some "Senator Elmer Fudd" types and hear them solemnly say,..."YEWW WASSKAWY TWAITOR YEWW!! WE ARE SO GONNA INCARCE'EWATE YEW IN THE VETEWANS HOSPITAW FOW THAT!".....Looney Toons could'nt up this terrible event if they tried.

[inventagod]

These people work for Gonzales, right?
Data storage? Memory?

[cfin5]

AGAIN???.....Taken from a "CONTROLLED AREA" at TSA HEADQUARTERS???.....We're so sorry that you could be "SQROOOOOWED" for the rest of your life financially that we will pay for "ONE YEAR",....yes folks!!!... THATS ONE FULL YEAR of FREE credit monitoring!! ( YAAAAAAAY! APPLAUSE!!!)...........You guys thuck.

[hypnotoad72]

When I travel with portables, I am mindful with them.

Accidents happen, thefts can happen, but there are - amongst other things - solutions to minimize loss AND encrypt localized data so if the laptop is lost, there's no problem... Some organizations also use Citrix, Windows Terminal Services, et cetera, over a secure VPN to prevent data from being leaked.

How much money is accorded their IT department to put in some infrastructure? Or is the work being offshored to India, which I doubt isn't as secure as ANY government institution that allows notebooks to frequently walk away from their owners.

[michellem99-2009]

I want that data safe as do every one. I live with a vet. I am a news hound that reads news on line. Yes the bloody dollar,a fast buck. This stealing of laptops hurts everyone. I am not in panic mode. There are systems that have not been updated for ages. Why I don't know. They know this so it happens. Won't step upto to the plate and fix it. The businesses need to use fire walls,change passwords,all the right things to keep their networks safe. IT is important for them to do a better job. They can but don't care.
I can see where it could be easy to download to disc /key if the system manager don't care. Their are people who try to break in to computers as that is all they do. Wake up and put a stop to this. The tools are there for the safegaurd their systems. Use them.

[rikedoid]

So what is a portable hard drive doing in an area that is supposedly secure? Glad to see the folks in charge get paid the big bucks to sweat the detailed p & p that protect us.

Do you feel safer now?

[tonic1661]

Can the government issue new social security numbers for the people whose identities were stolen?

It seemsthe credit reporting and government agencies could transfer all relevant data to these numbers and no one would have them.

Meanwhile, the credit reporting and government agencies can be on the lookout for the stolen numbers if anyone attempts to use them.

[hazelknows]

When the lap tops are missing everyone starts to panic. I'll bet stealing personal information is done on a weekly basis with disc's or thumb drives (memory sticks) by anyone looking to make some easy money. This happened at Los Alamos last December, this person was caught by the FBI by mistake, by a drug raid on a roommate at their trailer home revealed the stolen government data. Whether its government or personal data, this happen way too much.

[michellem99-2009]

It seems every time we turn around there is a laptop/notebook computer that goes missing. That ia just plain dumb or worse. So where the bitlock that should be on them or the systems adm/manager when this happens.Why are they not keeping track of them. The people who over see this. I am just a home user here,but some body is not doing their job to safe gaurd the systems.In the wrong hands we have no idea of who can access the data on the hard drive. They should get UNABLE TO GRANT ACCESS or something along the lines. It sound like inside issue. RandalDS hit the nail on the head.Systems adm/managers need to step upto the plate and know who has them and where they are at all times .The computers they use.

[dakotahunt04]

RandalDs has no idea what he is talking about. DHS isn't spying on anyone the NSA is. TSA is a part of DHS. The lap top was probably lost by one of the contractors that they have hired to do personal for them.

[randalds]

Bunch of morons! And this is the same government who wants to spy on us and promises they'll keep the information private? The more they know about private citizens the more damage they can do, both accidentally and on purpose. They already know more about the people then they have a right to and they WILL abuse that information. When they don't just scre*w up and lose it that is! Who's running this government anyway? The Keystone Kops? Or better yet Abbot (Bush) and Costello (Cheney) ruin a Nation! The Marx brothers could do a better job then this crop of republicans! Hell Karl Marx could!

[canyoutellme-2009]

oops!