Life's A Breach -- Security Today

Webinars

VideoIQ Reduces Your False Alarm Rate So You Can Keep Your Money May 14, 2012
Deploying Mission-Critical Communications Networks May 03, 2012
Aligning your physical security infrastructure with your organizational growth strategy Apr 11, 2012

Recent Blog Posts

Two California Robbers Caught on Own Home Video Camera May 15, 2012
Illegal Immigrant Spends 20 Years as Security Guard at Newark International Airport May 15, 2012
Metro Riders in Washington, D.C. Stop iPhone Thief May 09, 2012

Share this Page

Life's A Breach

TSA’s latest employee identity security breach highlights the need to protect who you are

By Karina Sanchez
May 31, 2007

IF you work or have worked for the Transportation Security Administration, you could be the latest victim of a major security data breach. On May 3, TSA officials discovered a hard drive containing personal employee information was missing from a controlled area at the Headquarters Office of Human Capital. TSA officials announced that approximately 100,000 of its employees during the time of January 2002 to August 2005 had their personal identifying information compromised. This information includes employee pay information, name, bank account and routing information, Social Security number, date of birth, salary, deductions and leave information—everything needed to not only clear out someone’s entire bank account, but to take on their identity entirely.

Though TSA does not confirm whether or not the hard drive was stolen or if it’s simply missing, it called on the Secret Service and FBI to help in the matter. So we can assume from the three organizations that are taking over this investigation that it’s not something TSA is taking lightly, or rather, can effectively mitigate on its own.

Just last year, a laptop was stolen from the house of a Department of Veterans Affairs employee. The laptop contained information on more than 26.5 million military personnel. The laptop was later recovered with no evidence of copying. Since 2003, 19 federal agencies have reported 788 incidents of data theft or loss. This not only bodes detrimental to employees, but the public in general, as well.

TSA Responds
The day after the latest incident occurred, May 4, TSA Administrator Kip Hawley sent out a letter to all employees, informing them of what happened and what the administration would do to help those who might be affected.

“As a result of this, TSA will provide you with identity theft protection and monitoring for one year free of charge, as necessary,” Hawley said. “Credit monitoring services will include monitoring of all three national credit bureau reports, fraud alerts, detection of fraudulent activity and identity theft, and fraud resolution and assistance.”

In a statement later sent out to the public, TSA announced a benefit package to employees affected by the security breach. The package includes ID theft insurance up to $25,000 and identity restoration specialists who will assist employees in the event they are a victim of identity theft.

TSA encourages employees to regularly check their credit reports and to review their bank transactions carefully. Hawley said that TSA is committed to maintaining the privacy of employee information and takes many precautions for the security of personal information.

“In response to incidents like this one and the increasing number of data breaches in the public and private sectors, the agency is continually monitoring its systems and practices to enhance the security of personal and sensitive information,” Hawley said. “We profoundly apologize for any inconvenience and concern that this incident has caused.”

Getting anymore information from the administration has been an uphill battle, as the investigation is on-going and representatives are tight-lipped. It’s fair to say though that TSA is doing what it can to compensate for any distress this incident might cause. Not only is the administration facing a large problem with identity theft, but what also can be a much larger problem of employee access control.

Industry Expert Speaks Out
Any time a company has an identity theft occurance within its closed doors, all fingers point to employees within.

“To me, the TSA incident appears to be some type of inside job, a disgruntled employee. Approximately 50 to 60 percent of the cases I’ve seen, that’s typically what happens,” said Tom Harkins, COO of Edentify and the former operations director for MasterCard International's fraud division. “People do this as a way of getting their revenge on a company.”

Harkins, who has more than 20 years’ experience in the identity security industry, knows the ins and outs of cases like this and isn’t surprised that another identity theft story has made the front pages.

It’s becoming all too commonplace, he said. Public and private entities are constantly trying to safeguard their employees’ information, knowing that a breach can have damaging effects for the corporation as a whole.

”TSA is a highly secure, highly regulated organization that’s trying to protect the rest of the country,” Harkins said. “If they can’t even protect their own data and their own information, it really gives you reason to wonder how confident and good they really are.”

And that’s a sentiment vibrating through the heads of many U.S. citizens, including TSA employees, who entrust the administration with their security and safety daily. Luckily for TSA employees affected by the breach, the administration is offering recuperative efforts free of charge for a year. But is that enough?

”Your name and Social Security number are things that stay with you through your livelihood. Once criminals get a hold of that information, you’ll be in trouble for many, many years,” Harkins said.

Nontheless, Harkins said that sending a letter notifying people of a breach, taking proactive steps to find the culprit, offering restoration services, identity security insurance, toll-free numbers for help and Q&A’s all are good ways for a company to recuperate from an identity theft occurrence.

Just Ask
Harkins recommends asking your HR department the following questions to ensure your identifying information is secure.

• Is the data encrypted?
• How many people have access to the data?
• Is the data ever taken outside the office?
•Are the servers encrypted?
•Are there ways in which the data can be protected to where no one has access to it?

”If you can go on-record and ask these questions, HR would have to ensure these policies are in place to address these issues,” Harkins said.

The State of Security
In instances like this, there’s really not much an employee could have done to prevent their information from being taken. People trust financial institutions, their employers and government entities to safeguard their information, and someone tampering with their Social Security number is far from their minds. And security, for the most part, is paramount in such cases, providing a sense of trust from most people. In this day and age, a converged security solution is able to more accurately detect wrongdoings.

The state of security is changing and solutions are now more robust. Though there really isn’t much insight into how “controlled” the area was in the TSA data breach incident, it’s very likely that the administration does have stringent access requirements to such information. Hopefully, for those involved, security will play its part in helping recover what was lost.

Subscribe to Security eNews Get security-related news and features delivered
to your inbox each week. Sign-up for our
FREE e-newsletter today.

Industry News | Hot New Products | Events | And More....

Comments

Add your Comment

Your Name:(optional)

Your Email:(optional)

Your Location:(optional)

Comment:

Please type the letters/numbers you see above

Security Today

Webinars

Recent Blog Posts

Featured Product

Share this Page

Life's A Breach

Comments

Add your Comment

Sponsored Links

Career Network

Whitepaper Library

Upcoming Webinars