TSA hard drive with employee data missing

The FBI is investigating a data-security breach at the Transportation Security Administration involving the bank records and other personal data of 100,000 employees, including airport screeners and federal air marshals.

“This is considered serious,” a Homeland Security official said on the condition of anonymity. “We’ve turned this place upside-down today to find the missing laptop.”

However, the agency released a statement referring to the missing item as an external hard drive, and said officials on Thursday became aware it was missing from a controlled security area at the headquarters of its Office of Human Capital.

The files on the hard drive include the archived records of employees and their Social Security numbers, dates of birth, financial allotments and payroll information.

The TSA, which is responsible for securing U.S. airports and airline flights against terrorist hijackings, said last night it “immediately reported the incident to senior Department of Homeland Security and law-enforcement officials and launched an investigation.”

“TSA is treating this incident as a criminal matter and has asked the FBI to investigate,” it said. “The U.S. Secret Service is also assisting in the forensic review of equipment and facilities. TSA is cooperating fully.”

Yesterday, the agency began notifying all affected employees with instructions on how to protect against identity fraud. A letter from TSA Administrator Kip Hawley said the agency will pay for a credit monitoring service for one year, which includes all three national credit bureau reports, fraud alerts, detection of fraudulent activity and identify theft, and fraud resolution and assistance.

“TSA has no evidence that an unauthorized individual is using your personal information, but we bring this incident to your attention so that you can be alert to signs of any possible misuse of your identity,” Mr. Hawley states in the letter. “We are notifying you out of an abundance of caution at this early stage of the investigation given the significance of the information contained on the device. We apologize that your information may be subject to unauthorized access, and I deeply regret this incident.”

The agency said it will take “swift disciplinary action, including dismissal, against individuals found to be in violation of our [data-protection] procedures.”