Saturday, May 05, 2007

Transportation Security Administration has a problem with security

The folks entrusted with ensuring the security of U.S. air travel seem to have a problem with their own information security.

The Transportation Security Administration, a department within U.S. Homeland Security, revealed that it "lost" a computer hard drive containing Social Security numbers, bank data, and payroll information for about 100,000 of its employees. They are not sure if they just misplaced it or if it was stolen.

Here's the part that baffles me: the data was stored on a portable, external, disk drive.

Why on earth would TSA write confidential employee information to a portable disk drive? It brings to mind a similar incident last year where a laptop computer was stolen with confidential information on millions of military personnel. A Veterans Administration employee had take taken the laptop home with him, where it was stolen.

The Associated Press has the full story on TSA's information security incident.

Maybe the problem is that many IT security professionals are not taking this threat seriously. A recent study we did at Computer Economics found that a significant percentage of IT security staff surveyed think that physical loss or theft of computer hardware or storage is only a minor threat. This is somewhat surprising in light of the number of respondents who reported such incidents in the past year.

An executive summary of our study, Trends in IT Security Threats, is on the Computer Economics website.

No comments: