amps
Aug 5, 08, 12:15 pm
Here's another "Clear" theft.
http://cbs5.com/local/tsa.security.clear.2.788083.html
http://cbs5.com/local/tsa.security.clear.2.788083.html
Newsstand - Security Breached At SFO Due To Stolen Laptop
View Full Version : Security Breached At SFO Due To Stolen Laptop
xyzzy
Aug 5, 08, 12:38 pm
T.S.A. spokesperson Ann Davis told CBS an unencrypted computer storing the personal information on the cards went missing from SFO on July 26th.What were they doing storing customer information like that? :confused: This is another CLEAR reason to avoid the company and its non-services.
goalie
Aug 5, 08, 1:10 pm
What were they doing storing customer information like that? :confused: This is another CLEAR reason to avoid the company and its non-services.wait-it gets better......
T.S.A. spokesperson Ann Davis told CBS an unencrypted computer storing the personal information on the cards went missing from SFO on July 26th, but the agency was not notified until Sunday.so it was stupidity and stupidity. unencrypted data and 24 hours before they decided to fess-up on the screw up. another reason no to spend the $100 on clear.
also-perhaps move this to travel safety & security
T.S.A. spokesperson Ann Davis told CBS an unencrypted computer storing the personal information on the cards went missing from SFO on July 26th, but the agency was not notified until Sunday.so it was stupidity and stupidity. unencrypted data and 24 hours before they decided to fess-up on the screw up. another reason no to spend the $100 on clear.
also-perhaps move this to travel safety & security
xyzzy
Aug 5, 08, 1:13 pm
Ya know -- I get warm fuzzy feelings every time I read about TSA Spokeshole Ann Davis (http://en.wikipedia.org/wiki/Ann_B._Davis). :p :D :p
goalie
Aug 5, 08, 3:22 pm
and now for the tsa spin.......:rolleyes:
http://www.tsa.dhs.gov/press/releases/2008/0804.shtm
TSA Suspends Verified Identity Pass, Inc. ClearŪ Registered Traveler Enrollment
Press Release
TSA Public Affairs
(571) 227-2829
WASHINGTON - The Transportation Security Administration (TSA) announced today that it is suspending Verified Identity Pass, Inc. (VIP) - the company that operates Registered Traveler (RT) programs under the brand name ClearŪ - from enrolling new applicants in RT due to vulnerabilities discovered in the company's storage of ClearŪ applicants' sensitive personal information. The vulnerabilities came to light after an unencrypted VIP laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26. The computer contained pre-enrollment records of approximately 33,000 customers.
TSA has instructed SFO to ensure that VIP immediately notifies the individuals impacted. In addition, SFO and all other airports using ClearŪ have been instructed to ensure that VIP: suspends enrollment, ceases use of any unencrypted computers and secures the devices until encryption can be installed. TSA requires RT service providers and sponsoring entities to encrypt all files containing participants' sensitive personal information. Noncompliance with such requirements can result in actions including suspension of a program and possible civil penalties.
The suspension will protect consumers waiting to enroll in RT and allow VIP to bring its procedures into compliance. VIP will be required to submit an independent audit, verifying that the required security measures are in place. TSA will verify the audits before enrollment procedures can resume. Verified Identity Pass, Inc. will be responsible for notification and resolution surrounding this incident.
Current ClearŪ customers will not be affected by this action and will not experience any disruption when using Registered Traveler.
TSA is contacting all RT service providers to reaffirm proper security measures are in place, including encryption of sensitive personal information of participants. TSA remains committed to partnerships with private sector entities that enhance the safety and convenience of the flying public.
http://www.tsa.dhs.gov/press/releases/2008/0804.shtm
TSA Suspends Verified Identity Pass, Inc. ClearŪ Registered Traveler Enrollment
Press Release
TSA Public Affairs
(571) 227-2829
WASHINGTON - The Transportation Security Administration (TSA) announced today that it is suspending Verified Identity Pass, Inc. (VIP) - the company that operates Registered Traveler (RT) programs under the brand name ClearŪ - from enrolling new applicants in RT due to vulnerabilities discovered in the company's storage of ClearŪ applicants' sensitive personal information. The vulnerabilities came to light after an unencrypted VIP laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26. The computer contained pre-enrollment records of approximately 33,000 customers.
TSA has instructed SFO to ensure that VIP immediately notifies the individuals impacted. In addition, SFO and all other airports using ClearŪ have been instructed to ensure that VIP: suspends enrollment, ceases use of any unencrypted computers and secures the devices until encryption can be installed. TSA requires RT service providers and sponsoring entities to encrypt all files containing participants' sensitive personal information. Noncompliance with such requirements can result in actions including suspension of a program and possible civil penalties.
The suspension will protect consumers waiting to enroll in RT and allow VIP to bring its procedures into compliance. VIP will be required to submit an independent audit, verifying that the required security measures are in place. TSA will verify the audits before enrollment procedures can resume. Verified Identity Pass, Inc. will be responsible for notification and resolution surrounding this incident.
Current ClearŪ customers will not be affected by this action and will not experience any disruption when using Registered Traveler.
TSA is contacting all RT service providers to reaffirm proper security measures are in place, including encryption of sensitive personal information of participants. TSA remains committed to partnerships with private sector entities that enhance the safety and convenience of the flying public.
Dhamal
Aug 5, 08, 10:49 pm
TSA = Totally Stupid Assignment
callie-girl
Aug 6, 08, 12:40 am
What company, operating any type of program that holds details of clients, would willfully put that information on an unencrypted system?
I've been in a bit of a fuss over registering. A friend who travels at least twice as often as I do and works with security issues is registered in one of the programs (damned if I can remember which one right now) and she was touting the program to me as the next best thing to the departure lounge.
Besides the fact that I don't want my fingerprints out there any more than absolutely necessary and even an iris scan doesn't appeal to me, giving another entity my personal information sits wrong.
This report may have just nailed that door shut for me.
I've been in a bit of a fuss over registering. A friend who travels at least twice as often as I do and works with security issues is registered in one of the programs (damned if I can remember which one right now) and she was touting the program to me as the next best thing to the departure lounge.
Besides the fact that I don't want my fingerprints out there any more than absolutely necessary and even an iris scan doesn't appeal to me, giving another entity my personal information sits wrong.
This report may have just nailed that door shut for me.
KSinNYC
Aug 6, 08, 4:02 pm
Chertoff was just on the local news last night, speaking from a press conference in San Jose, talking about how the DHS just cracked an international ring of credit card information thieves...
malsf1
Aug 6, 08, 5:04 pm
For convenience, I signed up for CLEAR earlier this year. At first I was reluctant to give yet another entity my personal information, but then I thought about the credit card companies, insurance companies, the CA DMV and others having so much of my perisonal information passing in front of so many eyes, that I decided I was no worse off giving it to CLEAR. However, I also have a service which puts a quarterly fraud alert on my files at the credit reporting agencies. I don't know how effective that is, but it does offer a little peace of mind. I am bewildered how a laptop with so much personal information would not be more tightly controlled and monitored.
xyzzy
Aug 7, 08, 8:12 am
I am bewildered how a laptop with so much personal information would not be more tightly controlled and monitored.That's an easy one to answer. The company you entrusted your personal information to cares a lot more about your money than about your data.
malsf1
Aug 7, 08, 9:44 am
That's an easy one to answer. The company you entrusted your personal information to cares a lot more about your money than about your data.
Perhaps, and I suspect that only a little hand slapping will occur as a result.
Perhaps, and I suspect that only a little hand slapping will occur as a result.
GoingAway
Aug 7, 08, 9:59 am
Perhaps, and I suspect that only a little hand slapping will occur as a result.
back slapping more like ... there will be no repercussions is my guess.
back slapping more like ... there will be no repercussions is my guess.