The personal details of nearly 4,000 people – including commercial truck drivers who transport hazardous materials – were on two laptops stolen from a third-party contractor working with the Transportation Security Administration.
The laptops contain the names, addresses, birthdays, commercial driver's license numbers and, in some cases, the Social Security numbers of 3,930 people, according to an Associated Press report.
The breach was disclosed in a letter to federal lawmakers, according to the AP.
The contractor told the agency that all personal information was deleted from the laptops, but TSA investigators found that an individual with data recovery skills could recover the personal information, according to published reports.
Integrated Biometric Technology has been identified by the AP as the contractor from whom the laptops were stolen.
The company will provide one year of free credit monitoring to victims, according to the AP.
A TSA spokeswoman referred requests for comment to a prepared statement, which disclosed that the federal government notified all affected individuals and mandated that the contractor provide free credit monitoring and protection to all victims.
“TSA takes data security very seriously. The response to this incident is an example of the level of importance we give it,” the TSA said in a prepared statement. “Since this incident, TSA has mandated to all contractors that all data be encrypted in addition to normal deletion procedures already in place for contracts involving personally identifiable information.”
The TSA, a division of the U.S. Department of Homeland Security (DHS), announced in May that it was investigating a missing external hard drive containing the personal information of about 100,000 employees.
The hard drive contained the names, Social Security numbers, birth dates and bank account, routing and payroll information of employees who worked at the agency between January 2002 and August 2005.
Avivah Litan, Gartner vice president and distinguished analyst, told SCMagazineUS.com today that the breach is especially appalling because it's the second such incident this year at an agency charged with securing U.S. airports and harbors.
“It's particularly egregious because they're the ones who are supposed to be looking out for threats, and here they are threatening these contractors by losing this information,” she said. “It's not a good thing for that data to be in the public domain.”
DHS earned a D grade on its latest Federal Information Security Management Act audit, announced in April.
Mary Monahan, partner and analyst at Javelin Strategy Group, told SCMagazineUS.com today that she's “getting really tired of [hearing about] instances [of data loss] involving laptops.”
“In 2006, 37 percent of all breaches involved laptops, so I don't know why we're not encrypting information on laptops,” she said. “You would think they would be up on this, and it's kind of discouraging that a department that's supposed to be looking out for security doesn't know how to protect the security of its own [licensees].”
Update: The Associated Press reported on Wednesday that the third-party contractor from whom the laptops were stolen is Integrated Biometric Technology.