Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 05/14/07 web stories

Cybereye | Another week, another leak

By William Jackson

This time it is the Transportation Security Administration, which earlier this month noticed that an external hard drive containing the personnel records of 100,000 current and former employees from 2002 to 2005 had gone missing. As of this writing, nobody knows what happened to it and the disappearance is being treated as a criminal investigation.

One of the first things that struck me about this story was that the TSA, which has about 50,000 employees, had managed to accumulate personnel records on at least 100,000 people. That indicates a 100 percent turnover in its workforce in a little more than three years. Apparently, the agency is not likely to end up on anyone’s list of best places to work any time soon. Or maybe they offer a really great early severance package.

But more to the point, the incident reinforces the need for agencies to protect IT systems and the data they contain. It has been said before, but apparently it needs saying again. Since the beginning of this year, agencies have reported 11 incidents (including the most recent loss) of the theft, loss or exposure of personal data for at least 660,000 people, according to a chronology maintained by the Privacy Rights Clearinghouse. The data was kept on tapes, hard drives and up to 100 missing laptops; posted on Web sites and printed on envelopes.

We know of these incidents because it has become standard practice for agencies to alert the persons who might be affected by such losses, resulting in effect in public disclosure. As far as this goes, it is a good thing.

“You don’t want to punish them for the disclosure,” said Pam Johnston, a former federal prosecutor who managed prosecution of computer intrusion cases as an Assistant U.S. Attorney. She now is in private practice with Foley and Lardner LLP in Los Angeles. “What concerns me more is that data was being kept on an external drive.”

The problem with hard drives is that they often have fewer security features than laptops that so often go missing.

More news on related topics: IT Security, Data Management, Hardware, Homeland Security



GCN Popup