Aug 5, 2008 6:26 pm US/Pacific
Missing SFO Laptop With Sensitive Data Found
SAN FRANCISCO INT'L AIRPORT (CBS 5 / AP / BCN) ―
The company that runs a fast-pass security prescreening program at San Francisco International Airport said Tuesday that it found a laptop containing the personal information of 33,000 people more than a week after it apparently went missing.
The Transportation Security Administration announced late Monday that it had suspended new enrollments to the program, known as Clear, after the unencrypted computer was reported stolen at SFO.
A spokeswoman for Verified Identity Pass Inc., which operates the program, said the company reported the laptop stolen to airport police and the TSA more than a week ago when they could not account for its whereabouts.
The laptop was found Tuesday morning in the same company office where it supposedly had gone missing on July 26, said spokeswoman Allison Beer.
"It was not in an obvious location," said Beer, who said an investigation was under way to determine whether the computer was actually stolen or had just been misplaced.
The program allows passengers to pay to use special "fast lanes" to avoid long lines at airport security checkpoints. They must still undergo normal security screenings once they reach the checkpoint.
The laptop contained personal information on applicants to the program, including names, address and birth dates, and in some cases driver's license, passport or green card numbers, the company said.
The laptop did not contain Social Security numbers, credit card numbers or fingerprint or iris images used to verify identities at the checkpoints, Beer said.
"We don't believe the security or privacy of these would-be members will be compromised in any way," said Verified Identity Pass chief executive Steven Brill. "But out of an abundance of caution and in keeping with a policy of always leveling with our members, we wanted to issue this warning regardless of which state law may or may not require it.''
Beer said the company was continuing to notify the 33,000 applicants, most of whom had signed up online but had not completed the enrollment process.
According to a TSA spokesman, the information on the laptop did not pose a threat to airports.
"It's not so much a security issue as a violation of personal information," said TSA spokesman Nico Melendez.
In a statement, the company said the information on the laptop, which was originally reported stolen from its locked office, "is secured by two levels of password protection." Beer called the fact that the personal information itself was not encrypted "a mistake" that the company would fix.
The TSA said Verified Identity Pass must notify all affected applicants whose information was on the laptop and show it has installed encryption on all its computers before it can restart enrollments.
The suspension of new enrollments does not affect the more than 200,000 air travelers already enrolled in the program, according to the agency.
Verified Identity Pass Inc. operates the program at 17 airports nationwide, including SFO.
(© CBS Broadcasting Inc. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed. The Associated Press and Bay City News contributed to this report.)
