33,000 Clear Travelers Information CompromisedBy: Dan Morrill - August 5, 2008
A TSA Laptop containing names, social security numbers, passport numbers, and a host of other personal information has been stolen out of a locked cabinet at the San Francisco Airport, and no the hard drive was not encrypted.
There is no notification of the breach at the flyclear.com site, nor has anything been reported on the breech blog or on the attrition.org data loss site on this issue yet.
The "Fly Clear" program is designed for travelers to speed through the TSA checkpoint at airports because they have already been background checked, and provided the government and its contractor all the information necessary to ensure that you are not a danger to yourself or others. Joining clear requires that you give up the following information.
Step Two: Stop by a Clear enrollment station to have images of your iris and fingerprints captured, and to submit two forms of approved government-issued identification for verification. Please bring a US Passport if you have one. Please read the document requirements before you come to complete to the Clear enrollment station. Source: Clear FAQ
CBS 5 is reporting that all this kind of information has been lost with the theft of an unencrypted laptop from a locked cabinet at the San Francisco airport.
Verified Identity System’s Clear program allows passengers to scan their smart cards at a kiosk for a speedier security screening. T.S.A. spokesperson Ann Davis told CBS an unencrypted computer storing the personal information on the cards went missing from SFO on July 26th. Davis said VIP is a privately run company that the airport provides with background checks of enrolled customers. Now the company must suspend new enrollments, notify affected customers, and secures computers until they can install encryption. Source: CBS 5
With both standard information and biometric information on the loose, this makes for almost a double whammy when it comes to data loss and the influence this can have on a person and their identity. It is unknown what the longer repercussions are going to be with the loss of biometric information outside of the fingerprints (if anyone knows how to hack iris readers let me know that would be an interesting article to write about), printing or wax impressions of fingerprints are well known ways to defeat most fingerprinting biometric systems. This should make that thumb print at the bank when cashing a check more interesting in the longer run as it is going to be impossible to change your biometric information while it is possible to get everything else cleaned up.
Travel this summer has been hard, and it looks like it just got harder for 33 thousand people.