TSA Continues to Struggle With Simple Security Concepts UPDATE: They Found the Laptop

I have written about TSA and their security problems several times before. They had a massive breach in which the Chinese exfiltrated data from the network back to China. A contractor accidentally emailed private employee information to the wrong address.

The latest buffoonery involves a contractor TSA hired to create the “Clear List” of passengers who have had background checks and are allowed to bypass the long lines of security at the Airports. The laptop containing the names, addresses, social security numbers, biometric information, and passport information, was stolen. And the laptop? It was unencrypted. From CBS5 here:

The Transportation Security Administration says a laptop containing the sensitive personal information of 33,000 applicants to an airport security prescreening program has gone missing.

The TSA has suspended new enrollments in the program, known as Clear, which allows passengers to pay to use special “fast lanes” at airport security checkpoints.

The laptop belonged to a privately run company known as Verified Identity Pass Inc., which operates the program at 17 airports nationwide.

An agency spokesman says the company must notify all affected applicants and show it has installed encryption on all its computers before it can restart enrollments.

Current Clear customers will still be able to use their cards while the breach is sorted out.

Ernst and Young were signatories to a privacy letter here certifying that Verified Identity Pass and Clear were protecting customer data correctly. I guess this little breach makes them all liars. Or E&Y has to start including encryption as part of their certification.

UPDATE: According to the SFGate here, the laptop wasn’t stolen.  It was just hiding.