Laptop reported stolen from SFO found

0 Comments | Oakland Tribune, Aug 5, 2008 | by Anonymous

A laptop that contains the personal information of some 33,000 customers of an airport fast-pass program was found this morning after being reported stolen from San Francisco International Airport on July 26, a spokeswoman for the company that runs the program said.

Allison Beer, a spokeswoman for Verified Identity Pass Inc., said the laptop was found this morning in the same secured room at the airport that it went missing from and that officials are working to determine whether any of the data was compromised.

Officials are also investigating the circumstances surrounding the laptop's reappearance, she said.

The Transportation Security Administration suspended Verified Identity Pass Inc., the company that operates the registered traveler program under the brand name Clear, from enrolling new applicants due to the alleged theft of the unencrypted laptop.

The San Francisco airport was instructed to make sure the company immediately notified the customers who were impacted.

In a prepared statement issued after the laptop was reported stolen, Verified Identity Pass CEO Steven Brill said, "We don't believe the security or privacy of these would-be members will be compromised in any way.

But out of an abundance of caution and in keeping with a policy of always leveling with our members, we wanted to issue this warning regardless of which state law may or may not require it.''

Information on the laptop includes names, addresses, birth dates and some applicants' driver's license numbers and passport information, but does not include applicants' credit card information or Social Security numbers, according to the company.

The information is secured by two levels of password protection, the company reported.

The TSA has told SFO and other airports that use Clear to suspend enrollment, cease use of any unencrypted computers and secure devices until encryption can be installed.

The agency requires that all registered traveler service providers encrypt all files containing participants' sensitive and personal information. Companies that don't comply may face suspension of a program and civil penalties.

Verified Identity Pass will be required to submit an independent audit to verify that the required security measures are in place and the Transportation Security Administration will verify the audits before more customers can enroll in the program.

TSA officials say the suspension will protect consumers waiting to enroll in the Clear program and allow the company to bring its procedures into compliance.

Current customers will not be affected and will not experience disruption when using the Clear system, which allows travelers to get through security faster.

Verified Identity Pass operates at 17 airports nationwide and has signed up more than 200,000 travelers.