Security 101: Never put unencrypted sensitive information on a laptop and expect that it’s safe. Especially if you are the TSA. Recently, the TSA announced that a laptop was stolen from San Francisco International Airport containing “pre-enrollment records of approximately 33,000 customers” for the Clear Trusted Traveler Program. For $100 per year, the Clear Program enables travelers to get through airport security faster by showing TSA officers their Clear Registered Traveler Card and going through a special security line. While this program has no doubt saved many people valuable time getting through security, there are about 33,000 people who are now asking the question “Who has my personal information?”
[via schneier on security]
Edit: It looks like the laptop was found, however it is still unclear if the information on the laptop was compromised. In addition to basic personal information (Name, Address, Birthday, etc.), the laptop also contained drivers license, passport, green card information about clear users. You can check out the story here. Credits to [AudioCraz-Z] for the link.
A little late on the story…they found the laptop in the airport. Perhaps it was misplaced, and then reported stolen? In any regard, it doesn’t excuse the lack of encryption.
Haha, oh wow.
This is why these things are stored on secure file servers with inscription coming out the wazoo!
does anyone see the irony here?
Yes, the laptop was found back. So ? Are the data still trustworthy ? This administration is paranoiac enough to think terrorists would be ready to smuggle an uranium bomb into San Francisco but it looks improbable to them that they would steal a laptop for one hour and copy security pass informations ?
From my website:
“note to other companies who keep data like this, a simple rule of thumb:
“if you would lock your office door if your data were kept in a filing cabinet, then donât keep the data on a laptop.
“itâs as simple as that. somehow, people equate the ability to carry around a bunch of data with the need to carry around a bunch of data, and thatâs just plain wrong.”
Now all those “clear” names should be placed on the “bad list” since, obviously the data is compromised.
Ok, the notebook was found in the locked office it was “lost” in. Here is the story on /. http://yro.slashdot.org/article.pl?sid=08/08/06/1021225&from=rss
Basically, the notebook had no biometric data, that was all encrypted on servers. The notebook only had names, addresses and birthdates, and nothing else.
This is just another “fear story” spun out by some pathetic writer.
@6 No, they just need to re-certify those 33,000 people, and invalidate the old potentially-compromised cards. That will at least allow them to figure out whether the IDs were copied from the laptop. If those nominally compromised CLEAR cards ever show up, go the handcuffs.
=IF= the corresponding personal data was stored on the laptop, then yes, that WAS stupid.
[quote]@6 No, they just need to re-certify those 33,000 people, and invalidate the old potentially-compromised cards. That will at least allow them to figure out whether the IDs were copied from the laptop.[/quote]
These people are frequent travellers for whom time is money. Obviously the people who have these cards are part of the upper class of society (read: they are relatively rich (they still need to work :)). Their names and adresses and other personal information (might) have been copied by crooks.
If it happened to me, I would be righteously angry…
truecrypt
You know, we used to have a system like this in place at all international airports, but apparently it wasn’t effective enough. I think they were called ‘passports’ or something.
ahhhahahah, seriously what did they expect? i’m sure the thief knew exactly what kind of info that laptop contained and had been waiting for days for a chance to swipe one. it’s the biggest bullseye for hackers and a big jackpot for id thieves. anyone who bought into this Clear crap gets zero sympathy from me – sacrificing their privacy and paying a fee to pass me in check-in lines does have bigger implications on the rest of us, after all
Reminds me of a scene in Douglas Adams’ “Mostly Harmless”. There exists a security card which emcapsulates all possible forms of ID, including genetic and fingerprint samples, and your mother’s maiden name. Even if you have been (let’s say) transformed physically into a Ravenous Bug-Blatter Beast of Traal, you can still gain access to all parts of your life despite being a hideous creature bearing absolutely no resemblance to your former self.
Just don’t let it get stolen.
Yeah – a little late, as the laptop has been found. I don’t know what was actually on the laptop in terms of data, but it was found in the same ‘secure’ room that it disappeared from. Sounds like someone moved it.
What’s more interesting is that the laptop went missing about a week and a half ago – but no one told us when it was lost. It’s sort of scary to know that important stuff like that isn’t being reported immediately.
i wonder… instead of thieves trying to GET information, i wonder if someone has tried to INPUT new information… you know, so they can pass security and do their deeds.
just a thought, just a thought.
You’d think for high security information, and I’ve always found it funny is that they put it on something that can be picked up and carried out. If your going to leave laptops floating around slap a RFID too keep track of it.
If You Know the time the laptop was considered “stolen” would you just look at the time the files or folders were last opened?