Former TSA workers' data exposed

September 6, 2006

By Thomas Frank, USA TODAY

The Transportation Security Administration is warning 1,195 of its former employees that a contractor may have mailed their Social Security numbers and birth dates to the wrong addresses and left them open to identity fraud.

The error, acknowledged in letters the TSA mailed in late August to each of the former employees, is the latest in a series of data breaches that may have exposed workers in both private and government jobs to identity thieves.

"Making a mistake like this is abominable," said Beth Givens, director of the Privacy Rights Clearinghouse, an advocate for consumer privacy. "You've got an agency whose mission is security."

The TSA is part of the Homeland Security Department. Its 55,000 employees primarily run airport security.

TSA spokeswoman Amy von Walter said the breach was "an administrative error, and the contractor has taken steps to ensure it's not repeated."

Accenture, a contractor that handles TSA personnel, sent 1,195 documents to the wrong former employees during a recent mailing, according to a letter signed by Richard Whitford, TSA assistant administrator for human capital.

The documents were standard forms that are sent to employees after they leave the government. The forms often list an employee's Social Security number, birth date and salary. It's unclear how many forms had that information.

A Social Security number and birth date can enable a thief to get a credit card fraudulently, Givens said. The odds of that happening in the TSA data breach are "very low," she added, because the forms ended up in the hands of other TSA employees. The TSA, she said, is "a closed community that has very strong security values." The TSA said 244 of the wrongly addressed letters were returned to the agency unopened.

The TSA checks all job applicants' criminal and credit histories, eliminating those with criminal records or whose finances may make them susceptible to bribes or coercion.

The agency encouraged former employees to put a fraud alert on their credit files. An alert requires creditors to contact a person before a new credit account is opened in his or her name. There is no charge for the service.

People don't have to pay for fraudulent charges on their credit as long as creditors are alerted in a timely manner. Clearing up credit records can take "hundreds of hours," Givens said.

In May, the records of millions of veterans were potentially compromised when a laptop was stolen from the home of a Department of Veterans Affairs employee.

Last year a congressional probe found the TSA improperly stored 100 million records containing personal information on passengers after the agency said no data storage would occur.

main page ATTRITION feedback