Laptop containing 33,000 Clear users information stolen

Security 101: Never put unencrypted sensitive information on a laptop and expect that it’s safe. Especially if you are the TSA. Recently, the TSA announced that a laptop was stolen from San Francisco International Airport containing “pre-enrollment records of approximately 33,000 customers” for the Clear Trusted Traveler Program. For $100 per year, the Clear Program enables travelers to get through airport security faster by showing TSA officers their Clear Registered Traveler Card and going through a special security line. While this program has no doubt saved many people valuable time getting through security, there are about 33,000 people who are now asking the question “Who has my personal information?”

[via schneier on security]

Edit: It looks like the laptop was found, however it is still unclear if the information on the laptop was compromised. In addition to basic personal information (Name, Address, Birthday, etc.), the laptop also contained drivers license, passport, green card information about clear users. You can check out the story here. Credits to [AudioCraz-Z] for the link.

Comments

  1. Bobdiya says:

    A little late on the story…they found the laptop in the airport. Perhaps it was misplaced, and then reported stolen? In any regard, it doesn’t excuse the lack of encryption.

  2. epicelite says:

    Haha, oh wow.
    This is why these things are stored on secure file servers with inscription coming out the wazoo!

  3. serifus says:

    does anyone see the irony here?

  4. Iv says:

    Yes, the laptop was found back. So ? Are the data still trustworthy ? This administration is paranoiac enough to think terrorists would be ready to smuggle an uranium bomb into San Francisco but it looks improbable to them that they would steal a laptop for one hour and copy security pass informations ?

  5. bill eccles says:

    From my website:

    “note to other companies who keep data like this, a simple rule of thumb:

    “if you would lock your office door if your data were kept in a filing cabinet, then don’t keep the data on a laptop.

    “it’s as simple as that. somehow, people equate the ability to carry around a bunch of data with the need to carry around a bunch of data, and that’s just plain wrong.”

  6. Omar R. says:

    Now all those “clear” names should be placed on the “bad list” since, obviously the data is compromised.

  7. AudioCra-Z says:

    Ok, the notebook was found in the locked office it was “lost” in. Here is the story on /. http://yro.slashdot.org/article.pl?sid=08/08/06/1021225&from=rss

    Basically, the notebook had no biometric data, that was all encrypted on servers. The notebook only had names, addresses and birthdates, and nothing else.

    This is just another “fear story” spun out by some pathetic writer.

  8. MacMarty says:

    @6 No, they just need to re-certify those 33,000 people, and invalidate the old potentially-compromised cards. That will at least allow them to figure out whether the IDs were copied from the laptop. If those nominally compromised CLEAR cards ever show up, go the handcuffs.

    =IF= the corresponding personal data was stored on the laptop, then yes, that WAS stupid.

  9. Peter de Vroomen says:

    [quote]@6 No, they just need to re-certify those 33,000 people, and invalidate the old potentially-compromised cards. That will at least allow them to figure out whether the IDs were copied from the laptop.[/quote]

    These people are frequent travellers for whom time is money. Obviously the people who have these cards are part of the upper class of society (read: they are relatively rich (they still need to work :)). Their names and adresses and other personal information (might) have been copied by crooks.

    If it happened to me, I would be righteously angry…

  10. tiuk says:

    truecrypt

  11. M4CGYV3R says:

    You know, we used to have a system like this in place at all international airports, but apparently it wasn’t effective enough. I think they were called ‘passports’ or something.

  12. matt says:

    ahhhahahah, seriously what did they expect? i’m sure the thief knew exactly what kind of info that laptop contained and had been waiting for days for a chance to swipe one. it’s the biggest bullseye for hackers and a big jackpot for id thieves. anyone who bought into this Clear crap gets zero sympathy from me – sacrificing their privacy and paying a fee to pass me in check-in lines does have bigger implications on the rest of us, after all

  13. BlueNight says:

    Reminds me of a scene in Douglas Adams’ “Mostly Harmless”. There exists a security card which emcapsulates all possible forms of ID, including genetic and fingerprint samples, and your mother’s maiden name. Even if you have been (let’s say) transformed physically into a Ravenous Bug-Blatter Beast of Traal, you can still gain access to all parts of your life despite being a hideous creature bearing absolutely no resemblance to your former self.

    Just don’t let it get stolen.

  14. Charlie says:

    Yeah – a little late, as the laptop has been found. I don’t know what was actually on the laptop in terms of data, but it was found in the same ‘secure’ room that it disappeared from. Sounds like someone moved it.

    What’s more interesting is that the laptop went missing about a week and a half ago – but no one told us when it was lost. It’s sort of scary to know that important stuff like that isn’t being reported immediately.

  15. AU518987077 says:

    i wonder… instead of thieves trying to GET information, i wonder if someone has tried to INPUT new information… you know, so they can pass security and do their deeds.
    just a thought, just a thought.

  16. Befread says:

    You’d think for high security information, and I’ve always found it funny is that they put it on something that can be picked up and carried out. If your going to leave laptops floating around slap a RFID too keep track of it.

  17. Devon says:

    If You Know the time the laptop was considered “stolen” would you just look at the time the files or folders were last opened?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,369 other followers