TSA Hard Drive With Employee Data Is Reported Stolen

By Spencer S. Hsu
Washington Post Staff Writer
Saturday, May 5, 2007

The FBI and the Secret Service have opened a criminal investigation into the apparent theft of a computer hard drive containing the personal, payroll and bank information of 100,000 current and former workers of the Transportation Security Administration, including airport security officers and federal air marshals, the TSA said yesterday.

In a written statement released after business hours, the TSA said it learned Thursday that the drive was missing from a secure area of its human resources office at its Crystal City headquarters.

The TSA employs about 50,000 people, including 43,000 airport guards and thousands of air marshals, who are federal law enforcement officers.

A TSA spokesman said the loss occurred in recent days and will not pose a significant risk of security breaches in sensitive areas patrolled by workers at airports and rail yards. Access to such areas requires additional credentials that use unique physical identifiers such as fingerprints, said the official, who spoke on the condition of anonymity to discuss security protocols.

The hard drive, which contains payroll data from January 2002 to August 2005, holds employee names, Social Security numbers, birth dates, and bank account and routing information.

The TSA began notifying employees of the loss at the close of business yesterday "out of an abundance of caution," offering free credit-monitoring services and advising workers to alert their financial institutions.

"TSA has no evidence that an unauthorized individual is using your personal information, but we bring this incident to your attention so that you can be alert to signs of any possible misuse of your identity," stated the letter, signed by TSA Administrator Kip Hawley. "We apologize that your information may be subject to unauthorized access, and I deeply regret this incident."

The episode is the latest high-profile data theft to strike the government or the private sector, although its impact on a domestic security agency with law enforcement responsibilities may pose added risks.

CardSystems Solutions and the owner of retail chains T.J. Maxx and Marshalls have disclosed large breaches of credit card information on millions of consumers.

The Department of Veterans Affairs lost a laptop last year with information on more than 26.5 million military personnel, although it was recovered with no evidence of copying. Since 2003, 19 federal agencies have reported 788 incidents of data theft or loss, affecting thousands of employees and the public.

Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee, said he was briefed by the department, adding, "For an agency suffering from morale problems, this is a terrible and unfortunate blow."

The panel will probably hold hearings, said Rep. Sheila Jackson-Lee (D-Tex.), who chairs a subcommittee overseeing the TSA. "This organization responsible for the nation's security has had a massive security breach. Whether it is known what the breach was or how it occurred, it did occur and this raises enormous concerns," Lee said. "We will be in a posture of quickly looking for answers."

© 2007 The Washington Post Company