Missing laptop grounds US Registered Traveler program

by Grant Gross
Be the first to comment | 4I like it!
Tags: encryption, identity theft, privacy
More »
on this topic
August 5, 2008, 01:36 PM —  IDG News Service — 

The U.S. Transportation Security Administration (TSA) has temporarily stopped a vendor from signing up new customers for its Registered Traveler program after a company laptop containing the unencrypted personal data of 33,000 people went missing at the San Francisco International Airport.

The laptop, owned by vendor Verified Identity Pass (VIP), contained personal records of customers seeking to enroll in the company's Registered Traveler program. VIP, under the brand Clear, is one of seven vendors authorized by TSA to offer Registered Traveler programs, which allow frequent air travelers to have background checks completed before they travel so that they can spend less time in security lines at airports.

VIP began notifying customers of the breach late Monday, when the TSA announced it had occurred.

The VIP laptop was reported missing July 26, the TSA said. The agency, late Tuesday, said it was suspending new enrollment in VIP's Registered Traveler program while the company takes steps to comply with TSA's security requirements. The TSA requires Registered Traveler vendors to encrypt personal data, said TSA spokeswoman Ann Davis.

"We did set up some security standards in the beginning, and encryption was critical," Davis added.

The laptop, which had two layers of password protection, was housed in a locked office with security cameras, VIP said. The laptop contained customer names, addresses, birth dates, and in some cases driver's license numbers, passport numbers or alien registration numbers, the company said.

The laptop did not contain credit card or Social Security numbers, or biometric information such as fingerprints, VIP said.

"We don't believe the security or privacy of these would-be members will be compromised in any way," VIP CEO Steven Brill said in a statement. "But out of an abundance of caution, and in keeping with a policy of always leveling with our members, we wanted to issue this warning regardless of which state law may or may not require it."

A VIP spokeswoman said the company expects the suspension of its Clear program to last about five days. She didn't answer a question asked by e-mail about why the information on the laptop was unencrypted.

VIP has about 200,000 Registered Traveler customers, and it operates at 17 airports, including airports in or near New York City; Washington, D.C.; Los Angeles; Denver; and San Jose, California. The TSA's Registered Traveler program has been operating since 2005.

VIP will be required to submit an independent audit, verifying that required security measures are in place, the TSA said. The agency will verify the audits before VIP can resume its Registered Traveler program, Davis added.

VIP is also offering affected customers free identity theft protection, the company said.

IDG News Service

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
Free books

Build your tech library with our book giveaways.

Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne

The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!

Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
Marketplace