TSA Loses Laptops With ‘Verified’ Flyer Details

TSA didn’t lose the laptop, a private company called Clear, who runs a Registered Traveler program, lost the laptop with their customers’ info on it. Here’s a portion of the press release on TSA’s website:

WASHINGTON - The Transportation Security Administration (TSA) announced today that it is suspending Verified Identity Pass, Inc. (VIP) - the company that operates Registered Traveler (RT) programs under the brand name Clear® - from enrolling new applicants in RT due to vulnerabilities discovered in the company’s storage of Clear® applicants’ sensitive personal information. The vulnerabilities came to light after an unencrypted VIP laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26. The computer contained pre-enrollment records of approximately 33,000 customers.

Here’s the link to the whole thing.

http://www.tsa.gov/press/releases/2008/0804.shtm

Absolutely correct, lynn. It was also mentioned on the link I provided.

Thanks for the comment.

The Transportation Security Administration (TSA) continues to investigate the circumstances surrounding the loss of a Clear®- owned laptop computer on July 26 that contained unencrypted data of approximately 33,000 customers. TSA has verified that a laptop was discovered by Clear® officials yesterday at San Francisco International Airport (SFO). It was voluntarily surrendered to TSA officials for forensic examination.

TSA’s regulatory role in this matter is as follows: Every commercial airport is required to have an approved airport security plan. So Register Traveler is part of that comprehensive plan at the airports where it operates. Under the airport security plan, the sponsoring entity, (SFO in this case) is required to assure its vendors have an approved information security program. Because the computer at SFO was not encrypted it is in violation of the airport’s security plan.

TSA also has the ability to go directly to vendors when the plan is not being adhered to so TSA is conducting a broad review of all Registered Traveler providers’ information systems and data security processes to ensure compliance with security regulations.

Clear® needs to meet the information security requirements that they agreed to as part of the Register Traveler program before their enrollment privileges will be reinstated. Encryption is the wider issue as opposed to one incident with one laptop. So for now, Clear® enrollments remain curtailed.

Current customers will not experience any disruption when using Registered Traveler.

Bob

TSA EoS Blog Team

Hi Bob.
Very interesting to see some of the traffic on this issue.

“Current customers will not experience any disruption when using Registered Traveler.”

..you mean no *additional* disruption, of course.

Thanks for the comment.

Lefty,

Thanks for allowing me to post this on your blog. Have a great weekend.

Blogger Bob