Thursday, October 18, 2007

TSA Contractor Loses Laptops, Possible Sensitive Data Exposure

Via scmagazineus.com -

The personal details of nearly 4,000 people – including commercial truck drivers who transport hazardous materials – were on two laptops stolen from a third-party contractor working with the Transportation Security Administration (TSA).

The laptops contain the names, addresses, birthdays, commercial driver's license numbers and, in some cases, the Social Security numbers, of 3,930 people, according to an Associated Press report.

The breach was disclosed in a letter to federal lawmakers, according to the AP.

The contractor told the agency that all personal information was deleted from the laptops, but TSA investigators found that an individual with data recovery skills could recover the personal information, according to published reports.

The contractor for the agency's Hazardous Materials Endorsement Threat Assessment program is LexisNexis, according to the AP report.

A TSA spokeswoman referred requests for comment to a prepared statement, which disclosed that the federal government notified all affected individuals and mandated that the contractor provide free credit monitoring and protection to all victims.

...

Avivah Litan, Gartner vice president and distinguished analyst, told SCMagazineUS.com today that the breach is especially appalling because it's the second such incident this year at an agency charged with securing U.S. airports and harbors.

“It's particularly egregious because they're the ones who are supposed to be looking out for threats, and here they are threatening these contractors by losing this information,” she said. “It's not a good thing for that data to be in the public domain.”

DHS earned a D grade on its latest Federal Information Security Management Act audit, announced in April.

Mary Monahan, partner and analyst at Javelin Strategy Group, told SCMagazineUS.com today that she's “getting really tired of [hearing about] instances [of data loss] involving laptops.”

“In 2006, 37 percent of all breaches involved laptops, so I don't know why we're not encrypting information on laptops,” she said. “You would think they would be up on this, and it's kind of discouraging that a department that's supposed to be looking out for security doesn't know how to protect the security of its own [licensees].”

--------------------

Why doesn't the TSA just mandate that all contractors working with it have full data encryption programs for laptops? This should be written in the SOW produced by the TSA... I just don't understand.

In addition, it is also important to verify that these programs are being used correctly and aren't just disabled in the system tray.
