Ah, the poor, often maligned TSA. It really hurts that they lost a laptop containing the names, Social Security numbers, birth dates, bank accounts, and routing data of 100,000 of their past and present employees. Now, they are being sued by their employee union for being lax on security.
It's never a good sign when a government organization that has the word Security in it is being sued by it's own employees for a LACK of security. That is just not very reassuring. But, hey, at least they caught the fact that I had a button fly on my last trip to SF. Just kidding, Kip! I'm probably already going to be audited for my comments on the IRS, I don't want to make my traveling anymore convoluted than it is.
So, back to the lawsuit: The American Federation of Government Employees's national president, John Gage, stated today that the TSA's "reckless behavior is clearly in violation of the law."
Besides facing a lawsuit (only one so far) and looking incompetent, the TSA is paying Identity Force to monitor their employees credit for one year and provide up to $25,000 in identity theft insurance.
However, the union is looking for a little more love.
They are seeking to force the TSA to comply with the 2001 Aviation and Transportation Act and the 1974 Privacy Act. Also, they want the TSA "to grant administrative leave to transportation security screeners requesting leave in order to protect against or correct identity theft or financial disruption caused by this data security incident."
Also, they want their credit monitored for the next five years, plus pay for any damages that result from the theft, plus pay each employee who was adversely affected by the theft the amount of $1000 (potentially $100,000,000.00 if you're keeping track), plus all legal fees.
This is, of course, in addition to the fact that we have the Secret Service and the FBI spinning cycles trying to hunt down this laptop, which if would have been encrypted, would not have even been reported. Of course, the FBI does not have a good record finding laptops, so don't get your hopes up that this one is going to make it back.
The only good thing about the TSA's actions is that they reported it the day after they lost it instead of weeks or months later.
Oh well. The future of the encryption industry looks good...
One last thought: if you're keeping track of the letters that are sent out to people when an organization looses their data - please add this to your rapidly growing collection.