TSA Loses Hard Drive With Personnel Info
WrongSizeGlass writes "A portable hard drive containing personnel data for former and current employees went missing from a controlled area at the TSA.
From the article: 'The Transportation Security Administration has lost a computer hard drive containing Social Security numbers, bank data and payroll information for about 100,000 employees.'"
There is no problem if the disc was encrypted ...
... have a digital identification, and most everyone does, you have to be alert to possible wrongful use of it by others.
Considering all the past digital leaks, I've got to wonder who hasn't had information on them digitally leaked?
Maybe using Social Security numbers for just about everything isn't such a good idea.
From the BBC article:
Salary details, addresses, dates of birth, national insurance and phone numbers were on the machine which was stolen from a printing firm.
It is now too easy for huge quantities of private data to be carried around on laptops and memory sticks, often by people who do not understand the consequences of failing to protect that data. Companies need to be held to account when data is lost.
Any sufficiently advanced bug is indistinguishable from a feature.
Are you stoned? They've lost control of important data that was supposed to be secure. That's a security breach.
Using Social Security Numbers for everything isn't such a bad idea. It is a convenient way to identify someone, since it is guaranteed to be unique. The problem comes when the SSN is the only piece of information you need to take control over someone's life. There should be some more basic checks put in place to ensure the person is who they claim to be. An example could be mailing the person at their last known address and asking them to send a letter back with an authorised signature on a document that explains what is about to happen. When these basic checks are missing, it is no wonder it is so easy to steal another person's identity.
I'll probably be modded down for this...
Now they'll experience how it feels to be on the receiving end of violation of privacy!
There's your problem. I can see the allure of using a portable drive, in that you can easily move the data around from computer to computer, but really, we have a better way to move the data: The bloody network! That HDD should have been screwed into a locked case mounted in a rack bolted to the floor of a securely locked room.
Support the mob or mysteriously disappear.
Why does it take a data breach happening to some organization to get them to decide to protect information?
Maybe a law should be made that any organization that is trusted with public data be forced to embed all of their CEO's, CFO's, other officers, management, and shareholders' data in the same databases.
I know that the reason all this data keeps getting exposed is because management would rather save money instead of training their IT staff (if they need it) or just giving them the time to implement good, safe, data handling practices. Put their data on the line too and let's see how they decide about safe data handling practices.
This is why I try not to use my Social Security number for identification purposes anymore. I really should try to figure out who has it & what I can do to reduce the use of it.
Wayne Madsen is maintaining a chart of data thefts of personal information. He lists 3 or 4 dozen thefts. He believes these thefts are an attempt to populate the Total Information Awareness databases.
Never ascribe to incompetence what can be explained by malice, I guess.
Computers are useless. They can only give you answers.
-- Pablo Picasso
SS#s are supposed to be unique. They aren't recycled.
Every now and then you find out about a SS# that is not unique. The SS office issues a new number to one or both individuals and mea culpas all around. See this news story for one example.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I've been in gov't IT for 15 years; this should never have left the server farm. If it had to be on a portable device, it should have been a laptop and heavily encrypted, not that I can see a good reason to give anyone that info. The retirement planning people can make do with very little info.
When you sympathize with stupidity, you start thinking like an idiot.