By Martin H. Bosworth
ConsumerAffairs.com
August 12, 2006
While Homeland Security was issuing color-coded alerts and warning
travelers of the dangers of liquids on a plane, the theft of data on 40,000 licensed pilots went largely unnoticed.
The Department of Transportation (DOT)'s office of the Inspector General (OIG) reported that a laptop belonging to a special agent assigned to the agency's Miami office was stolen on July 27th.
The laptop, which the agency claimed was password-locked, contained
personally identifying information on roughly 133,000 Florida
residents, including:
• Personal information on over 86,000 commercial driver's license
holders in the Miami area, including names, addresses, and Social
Security numbers.
• Information on over 40,000 licensed pilots in the Florida area
Ironically, the agent responsible for the data was part of a task force investigating the acquisition of driver's and pilot's licenses using false information, and whether fraud was being committed at the licensing facility in question.
The unidentified agent had been working at home with the data, and had missed a security upgrade that would have encrypted the laptop against intrusion, The Register reported.
A spokesman for the OIG stated that the agent had left the computer in a government-owned vehicle, and when he returned to pick it up, he noticed it was missing. Further investigation revealed that the vehicle had been tampered with.
"We do not have reason to believe that the perpetrators targeted the computer based on knowledge of thedata," the OIG said in a statement. "However, we are taking all possible steps to inform Florida residents. We have dispatched a team of Special Agents to the Miami area to work with the Miami-Dade Police Department."
The DOT is offering a $10,000 reward for return of the laptop or information on its whereabouts. No information was provided as to why the theft was not made public until August 10th, or what the current status of the agent was.
Observers noted the potential danger of the information being loose in "the wild," as anyone who had access to the data could use it to gain false credentials for pilot's and driver's licenses.
Same Old, Same Old
The DOT laptop disappearance is the latest in a series of computer thefts and data breaches that has reached nearly absurd levels.
Government agencies, in particular, have been experiencing unheard-of levels of "laptop theft" and equipment losses, all of which contained valuable personal data that could be used for fraud and data theft.
The Veterans' Administration (VA) still claims the dubious honor of being the agency with the largest breach of personal data, due to the loss and retrieval of a laptop containing personal and medical information on 26.5 million veterans.
The VA reported recently that a desktop computer containing information on another 38,000 veterans had been stolen from the offices of Unisys, a contracting company that was assisting the VA with processing insurance claims.
Unisys announced that it would provide a year of free credit monitoring for any veteran potentially affected by the computer theft, free of charge.
Although the VA withdrew its own offer of credit monitoring for the stolen laptop after it was recovered and tested, California-based data analysis company ID Analytics recently offered to monitor the veterans' credit data to look for patterns of fraud and misuse, also at no charge.
ID Analytics published a study in 2005 that claimed small breaches of data were more dangerous than large exposures of information, given the amount of data to sift through, and that it was unnecessary to alert affected individuals every time there was a potential breach.
