OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] followup: TSA Demands Encryption Following Dual Laptop Loss

From: security curmudgeon (jerichoattrition.org)
Date: Wed Oct 17 2007 - 00:48:06 CDT


---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.eweek.com/article2/0,1895,2199122,00.asp

By Lisa Vaas
eWeek.com
October 16, 2007

All data must be encrypted, the TSA orders, after the loss of laptops
holding hazmat driver data.

Following the loss and possible theft of two laptops containing the
personal data of 3,930 truckers who handle hazardous materials, the
Transportation Security Administration has mandated that contractors must
encrypt any and all data on top of any deletion policies they have in
place.

According to a letter the TSA sent to lawmakers on Oct. 12, the laptops -
both of which belonged to a TSA contractor - contain names, addresses,
birthdays, commercial driver's license numbers and, in some instances,
Social Security numbers of the affected truckers.

First, one laptop was lost. At that time, the contractor, L-1 Identity
Solutions' Integrated Biometric Technology division, told the TSA that the
truckers' information had been deleted from the system, TSA Public Affairs
Manager Ann Davis told eWEEK.

Then, another laptop disappeared. After the second theft or loss, the TSA
conducted an IT forensic investigation that ascertained that the deleted
information could be retrieved if a thief had the proper training.

[..]
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml