jawa.mee.nu

May 05, 2007

TSA Suits Lose Employees' Personal Data

In a balls-up that will have a familiar ring to anyone who has worn the uniform of a Transportation Security Administration officer, someone at TSA headquarters has managed to lose a hard drive containing the personal information, including Social Security numbers, for 100,000 employees:

Authorities realized Thursday the hard drive was missing from a controlled area at TSA headquarters. TSA Administrator Kip Hawley sent a letter to employees Friday apologizing for the lost data and promising to pay for one year of credit monitoring services....
In a statement released Friday night, the agency said the external - or portable - hard drive contained information on employees who worked for the Homeland Security agency from January 2002 until August 2005.

TSA employs about 50,000 people. That should give you an idea of the turnaround at this vital agency. While the uniformed TSA screeners were carefully selected (11 out of 12 applicants were rejected when TSA was formed), the "exemp" non-uniformed employees were often not carefully chosen. Many cushy slots were filled through cronyism.

Uniformed TSA personnel must requalify every six months in a grueling, weeklong process of "recertify or hit the road." The "command" personnel have no such requirement, and, indeed, are not even certified to watch the exit doors at airports.

Or even watch what the hell is going on in their office environments...

Previously in the saga of the TSA Executive Service.

Posted by: Bluto at 09:08 AM | Comments (4) | Add Comment
Post contains 238 words, total size 2 kb.

1 As a 20+ year veteran of the computer industry, this sort of thing always disturbs me. In a competently designed IT infrastructure, this sort of data simply wouldn't be stored on any sort of laptop at any time what so ever - period. End of story. The laptop would be acting as a terminal for a mainframe, or running a Client/Server app that wasn't capable of storing anything locally.

The government needs to operate with the same level of paranoia commercial insurance companies and banks used to operate with. Back in the 80's and 90's we (I was with IBM in Boca at the time) produced machines that were medialess because the banks and insurance companies demanded it for data security reasons. I recall that BofA even had us put special code into DOS and BIOS to support the medialess models they were buying.

Simply put, this is bullshit and heads need to roll, and keep rolling until such time as someone who doesn't have their head firmly inserted in their butt is found who can architect and implement a competent data security plan.

Posted by: Purple Avenger at May 05, 2007 08:48 PM (n3ziw)

2 Laptops can be encrypted. OS and all.

Posted by: Howie at May 05, 2007 09:26 PM (YHZAl)

3 Maybe someone wanted the info to be stolen as to not expose certain employees....just my take,,,,

Posted by: allahakchew at May 06, 2007 10:05 AM (BrndJ)

4 With 100,000 names in it. It could be allahdickchews little black, black book.

Posted by: greyrooster at May 06, 2007 10:30 PM (+aKL7)

Hide Comments | Add Comment

Comments are disabled. Post is locked.

30kb generated in CPU 0.5749, elapsed 0.5752 seconds.
34 queries taking 0.5491 seconds, 159 records returned.
Powered by Minx 1.1.6c-pink.

Search Thingy

May 05, 2007

Recent Comments