The Transportation Security Administration (TSA) is the latest government agency to admit it’s missing a hard drive housing sensitive employee data.
In a statement on the TSA Web site, the agency tasked with airport security said it became aware that the hard drive was missing on Thursday. The incident involves about 100,000 archived records of people employed by the agency from January 2002 to August 2005.
TSA said it is treating this as a criminal matter and has asked the FBI to investigate. The U.S. Secret Service is also assisting in the forensic review of equipment and facilities and TSA said it’s “cooperating fully.”
Meanwhile, the agency has begun to notify all affected individuals and provide them with information about how to protect against identity fraud. “As an extra safeguard, TSA is developing a process to purchase credit monitoring services for all affected current and former employees for a period of one year, as necessary,” TSA said.
Incidents like this have such organizations as the Cyber Security Industry Alliance (CSIA) calling on the government to take tougher measures to better secure the data it handles.
When the President’s Identity Theft Task Force Strategic Plan was released last month, the CSIA expressed dismay that the recommendations didn’t include specifics on what the government is doing to clean up its own security mess.
Media attention has been largely focused on private sector data breaches in recent months, most notably the security failure of TJX Companies Inc., where a sustained network breach exposed at least 45.7 million credit and debit card holders to identity fraud. But CSIA general counsel Liz Gasster cited a number of serious breaches at the government level, such as the theft of a Department of Veterans Affairs (VA) laptop and external hard drive last year that exposed 26.5 million veterans and active duty personnel to identity fraud, and a more recent incident where the U.S. Department of Agriculture (USDA) admitted the private data of about 38,700 people was accessible to the public on a government-wide Web site.