backtop


Print 23 comment(s) - last by fic2.. on May 8 at 1:03 PM

The Transportation Security Agency is the latest government agency to lose or have data stolen

An external computer hard drive containing the personal, bank and payroll information of up to 100,000 former and current Transportation Security Administration (TSA) employees was reportedly stolen from a human resources office in Crystal City, VA.  The Federal Bureau of Investigation and U.S. Secret Service are now helping the TSA investigate the theft -- FBI is conducting the investigation, with the Secret Service conducting a "forensic review of equipment and facilities."

The TSA learned about the missing hard drive sometime Thursday, but the agency informed possibly affected employees Friday evening -- a delay which has upset some employees.  TSA spokesperson Ellen Howe reassured agency employees by stating the TSA was "not trying to stall."

"TSA has no evidence that an unauthorized individual is using your personal information, but we bring this incident to your attention so that you can be alert to signs of any possible misuse of your identity," said Kip Hawley, TSA Administrator.

The TSA is unaware if the hard drive has left its premises.  The hard drive contained sensitive information on employees who worked for the TSA from January 2002 until August 2005.  The agency employs almost 50,000 people and is the agency responsible for securing transportation systems in the country, including airports and railroads.

Letters were sent out to all affected employees promising one year of credit monitoring services.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Security
By Hare on 5/6/2007 7:24:37 AM , Rating: 2
There's no 100% safe protection but you can get very close in practise.

If you wanted access to my/company files you would need to steal my laptop and find out my pointsec encryption password. Without the correct password you have a dead computer. If you found my encryption password (three tries allowed) you would still need my login credentials to the network to access the actual files that are kept on servers. Server VPN connections are secured with my username and password and a secure/smart id card that changes the password on each login.

If I lost my laptop it would take about 2 minutes to shut down my account preventing anyone with the computer from accessing the network even if he/she knew every single password and login and had my computer and password-card. Safe enough...


RE: Security
By leexgx on 5/6/2007 9:06:27 AM , Rating: 2
quote:
If I lost my laptop it would take about 2 minutes to shut down my account preventing anyone with the computer from accessing the network even if he/she knew every single password and login and had my computer and password-card. Safe enough...


but thay be able just format the hdd and use it (on in your case thay probly need to do an Low level format or need to replace the hdd)

you can get laptops that have TPM chips on them + the Bios password lock (or even better an SD card that works with the bios that stores the key on it) + hdd encryption

buy any biz laptop from toshiba (that has Vista bis on it)
it has an Easy to use securtiy progrm on there that can set the password on the BIOS and the HDD (hdd is useless with out the password as its stored on the hdd it self) you can allso store it on an SD card so thay need to insert it on boot up or it not get pass the password

Vista has HDD TPM support that the toshiba program thats on the desktop that makes it easy to set up as well (and agane in this case VIsta supports any Mass storage device {SD card/USB stick} so the user does not even need to know the password)

so if the laptop is stolen it be quite hard to use as it be protected by all that stuff / the first part can be done in an matter of 30 secs and will render the laptop useless unless thay know the master Bios password that the user should Not know when set or have the SD card
the seconed part Useing the TPM protection the time it takes to encript the hdd (probly 30 mins)

if the admin's even bothers to invest in 2 SD cards and 30mins of setting up the security at most this type of stuff should not happen (the securty Comes with the Vista/XP Biz Toshiba laptops for Free)


RE: Security
By leexgx on 5/6/2007 9:12:18 AM , Rating: 2
or the other way is Full Boot HDD encryption software (at most i guess $100 for something basic but afective)

thay still be able to use the laptop but only after an format or an Low level format if that fails


RE: Security
By leexgx on 5/6/2007 9:14:40 AM , Rating: 2
this site needs edit button


RE: Security
By Hare on 5/6/2007 10:07:28 AM , Rating: 2
quote:
but thay be able just format the hdd and use it (on in your case thay probly need to do an Low level format or need to replace the hdd)

Information is all that matters. Hardware is cheap to replace. As long as data is safe the actual hardware loss is irrelevant. From a security standpoint it wouldn't really matter if the laptop was stolen or if someone just spilled their coffee all over the machine.

Another thing to consider is that no matter how strong an ecryption etc is it's useless if the user has "James" login with "James123" password. Too many people use their pets names or something similar as their password.


RE: Security
By leexgx on 5/6/2007 12:02:05 PM , Rating: 2
thats why i posted about useing SD cards as its commen an Most cases its not the user that has stole the laptop but i do think there should be an password + SD keys for the data part


"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki