Information Security News: TSA suspends Registered Traveler enrollments

[InfoSec News <alerts () infosecnews org>]

http://www.fcw.com/online/news/153393-1.html

By Alice Lipowicz
FCW.com
August 5, 2008

The Transportation Security Administration has suspended new enrollments 
for the largest vendor in the Registered Traveler program following the 
company's loss of a laptop PC that contained unencrypted personal 
information on 33,000 participants in the program.

The TSA said the vendor, Verified Identity Pass Inc., was found to be 
“not in compliance” with the agency’s requirement to encrypt sensitive 
personal information submitted by applicants and enrollees, according to 
TSA spokeswoman Ann Davis. Although the agency has authority to suspend 
the program overall and impose civil penalties, Davis said today neither 
additional action is now being considered.
 
The laptop was stolen from a locked office at San Francisco 
International Airport, Verified Identity Pass said in a statement. The 
personal information the laptop contained is protected by two levels of 
password protection and does not include Social Security numbers, 
biometric data or credit card information, the company said. The 
individuals affected were mostly new applicants along with a few members 
seeking re-enrollment.
 
“We don’t believe the security or privacy of these would-be members will 
be compromised in any way,” Steven Brill, chief executive of the 
company, said in a statement.
 
[...]

_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com