[Dataloss] followup: TSA Demands Encryption Following Dual Laptop Loss
security curmudgeon
jericho at attrition.org
Wed Oct 17 05:48:06 UTC 2007
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://www.eweek.com/article2/0,1895,2199122,00.asp
By Lisa Vaas
eWeek.com
October 16, 2007
All data must be encrypted, the TSA orders, after the loss of laptops
holding hazmat driver data.
Following the loss and possible theft of two laptops containing the
personal data of 3,930 truckers who handle hazardous materials, the
Transportation Security Administration has mandated that contractors must
encrypt any and all data on top of any deletion policies they have in
place.
According to a letter the TSA sent to lawmakers on Oct. 12, the laptops -
both of which belonged to a TSA contractor - contain names, addresses,
birthdays, commercial driver's license numbers and, in some instances,
Social Security numbers of the affected truckers.
First, one laptop was lost. At that time, the contractor, L-1 Identity
Solutions' Integrated Biometric Technology division, told the TSA that the
truckers' information had been deleted from the system, TSA Public Affairs
Manager Ann Davis told eWEEK.
Then, another laptop disappeared. After the second theft or loss, the TSA
conducted an IT forensic investigation that ascertained that the deleted
information could be retrieved if a thief had the proper training.
[..]
More information about the Dataloss
mailing list