Missing Laptop Found, TSA Suspension Continues
The San Francisco Chronicle reported that the Transportation Security Administration is continuing to suspend a San Francisco airport fast pass program, called Clear, from enrolling new members for failure to meet security compliance standards. The suspension will remain in effect until the program updates its security protocol regarding customer data.
The unencrypted program member data contained in the laptop included some personal information, such as name, address, phone numbers and birth dates, as well as drivers' license, greencard and passport information.
However the enrollee information did not include financial data often used in identity theft such as credit card information or Social Security numbers. It also did not contain any highly personal information such as biometric fingerprint information or facial identifications.
So far, an initial investigation indicates that the information does not appear to be compromised, the Chronicle reports.
The laptop belonged to Verified Identity Pass, which contracts with TSA to operate Clear, a program that allows travelers to move quickly through security lines. Clear members pay TSA about $120 per year to verify their identities, and in turn, receive a Registered Traveler card allowing them to bypass standard airline security procedures. Verified Identity Pass runs the program in about 20 airports across the country.
After the laptop was initially reported missing, the TSA determined VIP was out of compliance with federal airport security regulations that requre sensitive or personally identifying data to be encrypted on mobile devices.
The agency subsequently placed a suspension on VIP from enrolling new members and ceased the use of any of the company's laptops until all mobile devices were brought into compliance by encrypting customer data. TSA also instructed VIP to immediately notify the affected members.
TSA announced in a written statement that current Clear members will not be affected by the suspension and can continue use of their Registered Traveler cards as normal.
The laptop was first reported missing to the San Mateo County' Sheriff's office on July 26 and to TSA on the 28th. Clear officials told the Chronicle that the laptop was found in the same office but in a different place from where it was allegedly missing.
According to Clear officials, someone downloaded the travelers' data onto a laptop which was regularly taken to offsite locations in order to enroll new members in the Clear program. The information was encrypted on the server, it wasn't on the laptop, Clear officials said.