Friday, August 11, 2006

Computer Theft Puts Floridians At Risk; Government Laptop Has Sensitive Data

washingtonpost.com
Computer Theft Puts Floridians At Risk
Government Laptop Has Sensitive Data
By Christopher Lee and Del Quentin Wilber
Washington Post Staff Writers

A laptop computer from the inspector general's office at the Department of Transportation was stolen last month, putting the sensitive personal information of nearly 133,000 Florida residents at risk, acting Inspector General Todd J. Zinser said yesterday.

The laptop, assigned to a special agent in the Miami office, was stolen from a government vehicle on July 27 in Doral, Fla., Zinser told Florida Gov. Jeb Bush (R) yesterday in a letter.

The computer, which requires a password to operate, contains the unencrypted names, Social Security numbers, birth dates and addresses of 42,792 Florida residents who hold a pilot's license; 80,667 people in the Miami-Dade County area who hold a commercial driver's license; and 9,496 people who were issued a personal or commercial driver's license in the Tampa area, the letter said.

"While we do not have reason to believe that the perpetrators targeted the laptop based on any knowledge of its data contents, we are nonetheless taking all possible steps to inform Florida residents," Zinser wrote.

The theft is the latest in a string of embarrassing data breaches reported by federal agencies, including the departments of Agriculture, Energy, the Navy and Veterans Affairs, as well as the Social Security Administration and the Internal Revenue Service. The most notable breach was a May 3 burglary at the home of a VA analyst. Thieves took a laptop and an external hard drive containing the names, birth dates, and Social Security numbers of as many as 26.5 million veterans and active-duty service members. The equipment was recovered. Two men were charged with the theft last week.

Although Zinser learned of the DOT IG laptop theft on July 31, he was unaware that the computer contained sensitive personal information until Saturday, according to his letter. The IG's office has dispatched a team of 10 special agents to the Miami area to work with local police, and there is a $10,000 reward for information leading to the laptop's recovery. Employees of the IG's office have been told to remove all files containing sensitive personal information from the office's laptops.

"We regret this matter and take our responsibilities seriously," Zinser wrote. Similar letters went to Florida members of Congress.

Chris Dancy, a spokesman for the Aircraft Owners and Pilots Association, said the theft concerns his group of more than 400,000 pilots. "Exactly in the same way that the loss of the VA computer caused concerns for members of the military and veterans, we are very concerned anytime there is the possibility of identity theft involving our members or airmen in general," he said.

The inspector general's office had the sensitive data as part of a multi-agency effort to crack down on people, including some with criminal records, who unlawfully obtain commercial driver's licenses and pilot's licenses, sometimes by using fraudulent Social Security numbers, according to Zinser's letter.

In a conference call with reporters yesterday, Zinser said the agent had placed the laptop in the back of a sport-utility vehicle when he went to lunch with colleagues, and he discovered hours later that the computer was missing. The data had been encrypted as recently as two weeks ago, but that protection was temporarily stripped away as part of a computer upgrade, he said.

Zinser said he is considering offering free credit monitoring to affected Florida residents, "but, quite frankly, I don't have the money to do that, and I would have to go to Congress to get it."

The agency plans to send letters to those affected and has posted a toll-free number on its Web site at http://www.oig.dot.gov/datasecurity.jsp .

At the VA, officials announced yesterday that ID Analytics, a California-based data analysis company, had agreed to try to determine whether the 26.5 million veterans and active-duty personnel whose information was stolen in May are becoming victims of identity theft. The company is performing the service at no charge. The FBI has said that it does not believe that anyone accessed the stolen VA data.

Also yesterday, the VA announced that one of its contractors, Unisys Corp., would provide free credit monitoring to as many as 38,000 veterans whose personal information was stored in a desktop computer that disappeared from a Unisys office in Reston last week.