- The Washington Times - Wednesday, August 6, 2008

A laptop computer containing the personal records of 33,000 customers in the Registered Traveler program that disappeared recently at the San Francisco International Airport has been recovered, but Homeland Security officials have suspended the company from enrolling new passengers pending an investigation and new security measures.

The laptop contained prescreening information for commercial airline passengers including addresses and birth dates, as well as driver’s license and passport numbers, and was reportedly stolen from a locked airport office July 26.

However, Verified Identity Pass (VIP), the company that operates the program at 20 airports, failed to notify Transportation Security Administration (TSA) about the security lapse until Sunday. Now the company says the computer was misplaced and that no personal information was retrieved from the system.

Despite the laptop’s recovery Tuesday, TSA officials told VIP to immediately notify all passengers affected and to stop using computers that are not encrypted in order to secure sensitive information.

“It was enough of a security risk for us to make this decision to suspend their operations,” said Christopher White, a TSA spokesman.

“Our office of inspections is reviewing the evidence in this case,” he said. “They are looking into the issue, and we want to make sure passengers’ information is protected.”

The Registered Traveler program operates at Ronald Reagan Washington National Airport and Washington Dulles International Airport, and allows frequent fliers to register with a program called CLEAR for access to a fast lane security check.

VIP said that a preliminary check of the recovered laptop shows it was not accessed from the time it disappeared to the time it was found, but that further forensic investigation is being conducted by law enforcement officials. VIP did not say how the laptop was recovered.

“We apologize for the confusion, but in an abundance of caution, we and TSA treated this unaccounted-for laptop as a serious potential breach. We’re glad to confirm that it was not,” said Steven Brill, VIP chief executive officer.

There are 180,000 travelers who have registered nationwide in the program, but only information pertaining to 33,000 people was on the laptop.

“That notification will now include the finding that no one attempted to access that information, let alone obtained it,” VIP said.

The information did not include credit card numbers or the applicant’s Social Security number. It also did not include any biometric information, such as the applicant’s encrypted fingerprint images or encrypted iris images, which are supplied during the second in-person enrollment process that takes place at the airport.

Although the computers were not encrypted, the information on the laptop was secured by two levels of password protection, VIP said.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide