TSA Demands Encryption Following Dual Laptop Loss

TSA Demands Encryption Following Dual Laptop Loss
TSA Demands Encryption Following Dual Laptop Loss,1895,2199122,00.asp 

By Lisa Vaas
October 16, 2007 

All data must be encrypted, the TSA orders, after the loss of laptops 
holding hazmat driver data.

Following the loss and possible theft of two laptops containing the 
personal data of 3,930 truckers who handle hazardous materials, the 
Transportation Security Administration has mandated that contractors 
must encrypt any and all data on top of any deletion policies they have 
in place.

According to a letter the TSA sent to lawmakers on Oct. 12, the laptops 
- both of which belonged to a TSA contractor - contain names, addresses, 
birthdays, commercial driver's license numbers and, in some instances, 
Social Security numbers of the affected truckers.

First, one laptop was lost. At that time, the contractor, L-1 Identity 
Solutions' Integrated Biometric Technology division, told the TSA that 
the truckers' information had been deleted from the system, TSA Public 
Affairs Manager Ann Davis told eWEEK.

Then, another laptop disappeared. After the second theft or loss, the 
TSA conducted an IT forensic investigation that ascertained that the 
deleted information could be retrieved if a thief had the proper 

"So even though [there's only a] small chance of [the data being 
misused], we did notify all affected individuals and advised them of 
what steps to take to protect themselves, and we mandated that 
contractors need to encrypt any and all data in addition to any deletion 
procedures that might be in place," Davis said.

The TSA requires that all individuals who transport hazardous waste 
provide information for a security clearance in a program called the 
Hazardous Materials Endorsement Threat Assessment that's mandated under 
the Patriot Act.

This isn't the first time the TSA has found itself in data-breach hot 
water, and it isn't the agency's biggest data breach, by a long shot. On 
May 7, the agency announced that a hard drive containing personal 
information belonging to 100,000 government workers had been lost.

The TSA is also requiring Integrated Biometric Technology to provide 
free credit reporting to the affected individuals.

L-1 Identity Solutions couldn't immediately provide a spokesperson to 
give information to eWEEK on the incident.

CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - 

Site design & layout copyright © 1986-2015 CodeGods