Already a member?
Sign in
| Version | User | Scope of changes |
|---|---|---|
| Aug 10 2008, 7:56 PM EDT (current) | jimglab | 347 words added |
| Aug 10 2008, 7:55 PM EDT | jimglab |
Changes
Key: Additions Deletions
Vendor lost a laptopwith passenger data in it
The Transportation Security Administration said it has suspended enrollments in the Clear Registered Traveler (RT) program operated by Verified Identity Pass, Inc. (VIP). The order came after an incident at San Francisco International Airport that cast doubts on the ability of the security-oriented company to protect its own secure information. TSA said one of the company’s unencrypted laptop computers was found to be missing from its offices at SFO – and that computer contained personal pre-enrollment information on 33,000 persons who have applied to join the Clear program. TSA said it wants VIP immediately to notify all those individuals of the problem. “SFO and all other airports using Clear have been instructed to ensure that VIP suspends enrollment, ceases use of any unencrypted computers and secures the devices until encryption can be installed,” TSA said. “TSA requires RT service providers and sponsoring entities to encrypt all files containing participants’ sensitive personal information. Noncompliance with such requirements can result in actions including suspension of a program and possible civil penalties.” The agency said VIP will have to submit an independent audit showing that the required security steps have been taken, and the company won’t be allowed to start signing up new members until TSA verifies that audit. The agency didn’t estimate how long that might take. “Current Clear customers will not be affected by this action, and will not experience any disruption when using Registered Traveler,” TSA said.
According to a San Francisco TV station, the personal information on the 33,000 applicants included their names, addresses, birth dates, and in some cases, driver’s license and passport numbers. Shortly after the TSA’s action, Verified Identity Pass said it had recovered the missing laptop. The company said it appeared that no one had accessed the laptop’s data in the time it was missing, and noted that the data was protected by two levels of passwords. The company said it has suspended enrollments as the TSA ordered, and that it is working on the required security fixes, which should be completed “within days.”
