Missing SFO laptop found--where it went missing

A laptop with information on prescreened travelers, which was reported stolen, has been found, and the incident may be relabeled the case of the misplaced laptop.

Late Monday, the Transportation Security Administration had announced that a laptop containing data on about 33,000 travelers who had applied for a national airport security fast-pass card was believed to have been stolen from a locked office at the San Francisco Airport in late July.

Early Tuesday, however, the computer was found in the same company office from which it was supposedly stolen on July 26, Allison Beer, senior vice president for corporate development for Verified Identity Pass, which runs the Clear screening program, told The San Francisco Chronicle. The computer, which held names, addresses, and birthdates for people applying to the program, was found in the same airport office but not in its previous location, the executive told the newspaper.

"Yes, it was sensitive privacy information, but not the stuff that was most sensitive," the executive told the paper, adding that a preliminary investigation showed that information was not compromised.

As a result of the investigation, new sign-ups for the program have been suspended. The program lets travelers pay to have the TSA verify their identities, allowing them access to special security lanes in airports to avoid lengthy security line waits.

[zextron]

Probably was put back after stealing the information.

[sullivanjc]

That would be my thought as well. Even if it wasn't, they should be assuming that

[Dalkorian]

They *SHOULD* assume that, but I'm not confident they will. The TSA has already said there is little to no risk in this data being lost, despite the fact that it includes names, birth dates, addresses and passport and/or drivers license numbers. If there is no risk in that data being in the public domain, what does it take?

[benjaminstraight]

Unfortunately, not all information can be protected because of the human factor.

[yacahuma]

I would not use that laptop. What if someone install some kind of hijacking chip?

[M_K_Higa]

I hope a whole bunch of people pay to get this service. That way, the regular line will get shorter. Or is that just wishful thinking?

[Magicland]

Right, a highly sensitive laptop just got "misplaced" for a week. What room was this, the same one where they keep the Ark of the Covenant? First thing that should have happened when it was reported missing was a top to bottom search of wherever it was last kept. Are they that incompetent that they couldn't find it, or are they stupid enough to think that we'd believe the laptop's been there the whole time. And if the laptop HASN'T been there the whole time, then whatever is on it has got to be considered compromised, even if they just took it and duped the hard drive and haven't cracked whatever security is on it (if there is any).

[Magicland]

Just a thought on shoddy reporting. When this originally came out, it was listed as a TSA issue. SFO is one of the few airports in the nation which does NOT use TSA screeners, so this is totally a private contractor issue, though TSA probably hired the contractors.

[Dalkorian]

Right, according to the original article linked in this blog (San Francisco Chronicle):
"The machine belongs to Verified Identity Pass, which has a contract with the TSA to run Clear, a service that speeds registered travelers through airport security lines."
Gee, that somehow just doesn't make me feel any better about this. A laptop, with unencrypted data on thousands of flyers, including passport and DL numbers, goes "missing" for a week and is mysteriously found in the same office. Anyone who's breathing a sigh of relief is dumber than dirt. Who had it for that week? What did they do with it? Who has that data now, or are we now naive enough to think the "bad guys" do NOT have everything off that laptop? Are we still supposed to believe in the lack of threats created by this "Real ID" idiocy when they have proven without a shadow of a doubt that they can't even secure a small sampling of the population that has PAID for the "privilege" to be prescreened and cleared of terrorist suspicion? Why have we even allowed this nazi BS to occur anyway, just because fuhrer bushit is incompetent at protecting us? ***???

[masonx]

Could this be anymore typical of the current administration's m.o. in dealing with their screw-ups? Now think of what those screw-ups would look like with advanced senility added to it - if this administration extends itself with McCain. Well thought certainly ruined my day.

[TV James]

Check the service tag.

[Mister C]

SOOOO! LAME!

Just why did it take a week to return the computer? The only time NSA could get in an out without being seen? Not to worry, the private sector is on the job, nothing shady going on here.

[Get_Bent]

I think the Transportation Security Administration needs to spend more time securing their equipment....

[regulator1956]

Truth:
An employee needed a laptop for a meeting down the hall and saw that this one wasn't being used at the time. Took it to the meeting and forgot to return it.

B.S.:
Stolen, locked office, searched high and low.

[neilmitch]

From "Silicon Valley Neil"... Here is an email from CLEAR on the resent laptop incident...

ABOUT YOUR CLEAR ACCOUNT

Dear xxxx,
We take the protection of your privacy extremely seriously at Clear. That's why we announced on Tuesday that a laptop from our office at the San Francisco Airport containing a small part of some applicants' pre-enrollment information (but not Social Security numbers or credit card information) recently went missing. None of your information was in any way implicated. However, we were prepared to send those applicants and members who were affected the appropriate notice on Tuesday detailing that situation.
Before we could send out that notice, the laptop was recovered. And, we have determined from a preliminary investigation that no one logged into the computer from the time it went missing in the office until the time it was found. Therefore, no unauthorized person has obtained any personal information.
Again, none of your personal information was on the computer in any form, but we nonetheless wanted to give you details of the incident that could have affected others applying for Clear memberships because the incident involves Clear's privacy and security practices and policies.
We are sorry that this theft of a computer containing a limited amount of applicant information occurred, and we apologize for the concern that the publicity surrounding our public announcement might have caused. But in an abundance of caution, both we and the Transportation Security Administration treated this unaccounted-for laptop as a serious potential breach. We have learned from this incident, and we have suspended enrollment processes temporarily until all pre-enrollment information is encrypted for further protection. The personal information on the enrollment system was protected by two separate passwords, but Clear is in the process of completing a software fix - and other security enhancements - to encrypt the data, which is what we should have done all along, just the way we encrypt all of the other data submitted by applicants. Clear now expects that the fix will be in place within days. Meantime, all airport Clear lane operations continue as normal.
As you may know, our Privacy Policy states that we will notify you of any compromise of your personal information regardless of whether any state statute requires it. This letter is a good example of our policy: no law requires that we notify you of this incident because our investigation of the recovered laptop revealed no breach and because in any event none of your own information was affected. But we think it's good practice to err on the side of good communication with all Clear members, especially when, in this case, we did make a mistake by not making sure that limited portion of information was encrypted.
Please call us toll-free with any questions at (866) 848-2415. Again, we apologize for the confusion.
Sincerely,
Steven Brill
Clear CEO
P.S. A reminder: One of Clears unique privacy features is that all members and applicants are given an identity theft protection warranty which provides that, in the unlikely event you become a victim of identity theft as a result of any unauthorized dissemination of your private information by - or theft from - Clear or its subcontractors, we will reimburse you for any otherwise unreimbursable monetary costs directly resulting from the identity theft. In addition, Clear will, at its own expense, offer you assistance in restoring the integrity of your financial or other accounts. So had there been any actual compromise of your personal information, you would have been additionally protected.