Slashdot Mirror


TSA Loses Hard Drive With Personnel Info

WrongSizeGlass writes "A portable hard drive containing personnel data for former and current employees went missing from a controlled area at the TSA. From the article: 'The Transportation Security Administration has lost a computer hard drive containing Social Security numbers, bank data and payroll information for about 100,000 employees.'"

15 of 123 comments

  1. Encrypted ? by messner_007 · · Score: 3, Insightful

    There is no problem if the disc was encrypted ...

    1. Re:Encrypted ? by Tuoqui · · Score: 4, Insightful

      Encryption is not undefeatable.

      The entire idea behind encryption is to make it difficult/impossible for the casual hacker. If someone were dedicated to get into the information contained within however it would only be a matter of two variables... Time and Processing power.

      Encryption is not a silver bullet to any and all security problems, it just mitigates some of the risk. If they can't crack the encryption within 20 years then most of the info would be useless by then. If they can do it in 3 months then it's a problem...

      --
      09F911029D74E35BD84156C5635688C0
      +2 Troll is Slashdot's way of saying groupthink is confused
    2. Re:Encrypted ? by inviolet · · Score: 2, Insightful

      The entire idea behind encryption is to make it difficult/impossible for the casual hacker. If someone were dedicated to get into the information contained within however it would only be a matter of two variables... Time and Processing power.

      Brute-forcing is for chumps. (Well, assuming your average chump has a grid computer and a few years to spare). Real Men use social engineering to get secret keys.

      The TSA has a notoriously shallow understanding of security, because they need to put on a demonstration of security that ordinary people -- who don't understand it either -- will find calming. So you just know that the TSA is plenty vulnerable to the "Hi I'm from IT" call to the receptionist.

      --
      FATMOUSE + YOU = FATMOUSE
    3. Re:Encrypted ? by 8ball629 · · Score: 2, Insightful

      I'm sure whoever stole it knows what it was mounted to previously.

  2. Wait... by JustinVanHorne · · Score: 1, Insightful
    A portable hard drive... is missing?

    The agency said it did not know whether the device is still within headquarters or was stolen. This doesn't make much sense. Why would you report a security *breach* if you aren't even sure if it was stolen? It seems sort of bad-business like to worry someone right when something *might have* gone wrong.
  3. It's just another statement that if you.... by 3seas · · Score: 3, Insightful

    ... have a digital identification, and most everyone does, you have to be alert to possible wrongful use of it by others.

    Considering all the past digital leaks, I've got to wonder who hasn't had information on them digitally leaked?

  4. Captain Obvious says : by witte · · Score: 5, Insightful

    Maybe using Social Security numbers for just about everything isn't such a good idea.

  5. And in the UK today too by AmIAnAi · · Score: 5, Insightful
    A BBC article disclosed that a laptop had been stolen that contained Marks & Spencer employee details.

    From the BBC article:

    Salary details, addresses, dates of birth, national insurance and phone numbers were on the machine which was stolen from a printing firm.
    It is now too easy for huge quantities of private data to be carried around on laptops and memory sticks, often by people who do not understand the consequences of failing to protect that data. Companies need to be held to account when data is lost.
    --
    Any sufficiently advanced bug is indistinguishable from a feature.
  6. Physical Security by Detritus · · Score: 2, Insightful

    Even if you have decent physical security, some items will attract thieves. Anything shiny and portable is likely to walk out the door. A portable disk drive is a good example of a thief magnet.

    --
    Mea navis aericumbens anguillis abundat
  7. The problem isn't using the SSNs by MarkByers · · Score: 3, Insightful

    Using Social Security Numbers for everything isn't such a bad idea. It is a convenient way to identify someone, since it is guaranteed to be unique. The problem comes when the SSN is the only piece of information you need to take control over someone's life. There should be some more basic checks put in place to ensure the person is who they claim to be. An example could be mailing the person at their last known address and asking them to send a letter back with an authorised signature on a document that explains what is about to happen. When these basic checks are missing, it is no wonder it is so easy to steal another person's identity.

    --
    I'll probably be modded down for this...
  8. Portable HDD? by bulliver · · Score: 5, Insightful

    There's your problem. I can see the allure of using a portable drive, in that you can easily move the data around from computer to computer, but really, we have a better way to move the data: The bloody network! That HDD should have been screwed into a locked case mounted in a rack bolted to the floor of a securely locked room.

    --
    Support the mob or mysteriously disappear.
  9. some people never learn by Isaac-Lew · · Score: 4, Insightful
    Why would this information even be on a portable drive? And why would it not be encrypted?

    This is why I try not to use my Social Security number for identification purposes anymore. I really should try to figure out who has it & what I can do to reduce the use of it.

  10. Re:Disk Encryption by tomstdenis · · Score: 2, Insightful

    or not wander around with an HD with sensitive data on it? That's just mental. That data should be housed only in a secure facility with only remote secure access to it.

    It's plain stupidity and laziness that compels people to defy the simplest rules of security.

    Tom

    --
    Someday, I'll have a real sig.
  11. Re:It's astounding.. by mikkelm · · Score: 2, Insightful

    Any system that could leave hundreds of thousands of private records anywhere but in a centralised and secured database seems pretty bad to me. Luckily anything else is against the law where I'm from.

  12. Re:You can't make this stuff up, folks by chill · · Score: 2, Insightful

    If that does happen -- and hasn't already -- you will NEVER see a story on it. The reporter that runs that will find every lead, every contact and every story from the gov't sector totally dry up. Press credentials would be revoked and they'd probably get a "random" audit from the IRS, along with the census fill-it-all-out-or-go-to-prison long form. They'd be lucky if they could get a local dog catcher to talk to them.

    --
    Learning HOW to think is more important than learning WHAT to think.