TSA Loses Laptops With 'Verified' Flyer Details
from the your-middle-name-is-what-now? dept
Either that, or pretend to be someone on the list.
And what better way to do that then to get your hands on the details of everyone on the list. Well, it appears that the TSA has forgotten its middle name, and failed to protect its own laptop carrying the (unencrypted, of course) details of 33,000 people on the clear list (Update: to clarify, the laptop was actually lost by a TSA vendor, but considering these were applications made to the TSA, it's not clear that the difference here really matters). While it certainly may have just been lost or stolen by someone who wanted a free laptop, whoever has that laptop now has the names, addresses and driver's license or passport numbers of 33,000 applicants. It's unclear if it indicates which of those applicants were approved, but I would still imagine that info would be useful to someone looking to bypass airport security.
The company that runs the program, Verified Identity Pass, issued statement that isn't particularly comforting:
"We don't believe the security or privacy of these would-be members will be compromised in any way."First of all, that's not true. If you've exposed people's names, addresses and driver's license or passport numbers, their security has certainly already been compromised. But, more importantly, rather than those individuals' security and privacy, I would be worried about overall airport security, which has now been compromised. Update: So, this is weird. The laptop has been found. Where was it? Right where it was last seen. Not clear if it was actually lost or someone just got confused or what -- but still not particularly comforting.