Clear Pass data takes off

This is just a short post for anyone who paid their $100 to the TSA to get a Clear registered traveler card that lets you go through an express line at the airport security checkpoint.

A laptop containing uncrypted data for 33,000 customers (of 200,000 applicants) of the program was stolen from a locked office in San Francisco International Airport on July 26, 2008 (link to news article). Whoever took the laptop has a lot of the information you supplied in your application form, including your full name, address, phone number, passport number, and date of birth.

According to the program’s spokesman, the data did not include your credit card information or your social security number.

That’s a big consolation, I’m sure (NOT).

For now, the TSA has suspended new applications for the program (read the TSA press release). The TSA has not said whether it is notifying all of the 33,000 persons whose information was stolen, or whether they will pay to maintain a year-long credit check for affected individuals. That would be asking too much, although I think that’s also pretty fair, considering this sort of thing should have never happened.

What do you do, when you give $100 and all your personal information to a government agency so you can clear security… and then they turn around and let your information get stolen? Besides causing some people to have even less confidence in the TSA (even though the laptop and the program are handled by a contractor), what sort of security risks are these people in now? It’s not too extreme of a stretch to imagine the possibility of these names being used for fraudulent purposes, but what if it winds up causing some people to get on the security watch checklist?

Some things just make me shake my head.