[Dataloss] TSA "redress" site exposed 247
Chris Walsh
chris at cwalsh.org
Sun Jan 13 04:38:56 UTC 2008
There's been some attention to a TSA site that collected a large
amount of PII, and was discovered by Chris Soghoian to be grossly
insecure.
According to House Oversight and Government Reform Committee report (http://oversight.house.gov/documents/20080111092648.pdf
):
"TSA also contacted the individuals who had submitted their personal
information through the unsecured 'file your application online'
link to inform them that they were at a heightened risk of identity
theft." (p. 8)
Earlier in the report (p. 7) it is stated that 'At least 247 travelers
submitted their personal information through the unsecured “file your
application online” link'.
The report (p. 6) also states that name, address, Social Security
numbers, eye color, place of birth, and other sensitive personal
information were asked for on the submission page of the TSA's site.
I think it is fair to conclude that this is a breach affecting the TSA
(and their contractor, Desyne Web Services) involving at least 247
people.
More information about the Dataloss
mailing list