Wednesday, August 6, 2008

33,000 Customer Profiles Lost by TSA Vendor

This morning, it was announced that VIP, one of the vendors behind Clear, the smartcard that allows frequent travelers to breeze through TSA-controlled security lines at airports, lost 33,000 personal profiles of its VIP customers when one of its laptops went missing.

The 33,000 customer profiles were *not* encrypted.

Despite the company having adopted an internal policy of always encrypting important data (such as customer profiles), the missing profiles may apparently be freely viewed by identity thieves, terrorists, or pawn shop owners with equal ease.

Which means that whoever now has this laptop has exactly the personal profiles most useful in engaging in acts of terrorism. A more perfect treasure trove of targeted identities could not be imagined.

I don't know about you, but I'm really tired of hearing about vendors that put data on laptops and then lose that data - data that consumers have entrusted to them.

I'm also tired of hearing vendors say "we don't think anything bad is going to happen because of our mistake". Yeah, right.

There is no reason on this Earth that anyone should ever download their entire unencrypted database of customers onto a laptop. None. Zip. Zero.

Congress - want to pass a new law? You should make this kind of action - carrying around unencrypted customer profiles on a laptop - subject to a massive fine, and I mean massive. That might start to clean things up.

Though somehow, I doubt it.
