Well, what can I say? We have written about this before and it seems no one listens. A company that works with the TSA and registers customers for the VIP (Verified Identity Pass) travel program lost a laptop. It contained 33,000 records of people who were on the VIP program. The laptop had two layers of password protection, they say, and it was in a locked office with security cameras. The laptop contained customer names, addresses, birth dates, and in some cases driver's license numbers, passport numbers or alien registration numbers. The laptop did not contain credit card or Social Security numbers, or biometric information such as fingerprints, the company said.
"We don't believe the security or privacy of these would-be members will be compromised in any way," VIP CEO Steven Brill said in a statement. "But out of an abundance of caution, and in keeping with a policy of always leveling with our members, we wanted to issue this warning regardless of which state law may or may not require it."
I am sorry, but WAKE UP MR. CEO and get with the program!!!!!!!!
If you lose someone's information such as addresses, birth dates and driver's licenses, you think that this is not a security breach that will affect customers? This is the problem we have with some C-level executives in this world: not a clue when it comes to security. I would wonder if he is now taking this time to fire his CISO or CIO for this security problem and breach. Mr. Brill, you need to encrypt every computer you have, no matter where it is. You also need to put endpoint security on each computer to stop people from using USB or CD/DVD drives to burn information off the computer. I bet you did not think of that one.
The TSA requires Registered Traveler vendors to encrypt personal data, said TSA spokeswoman Ann Davis.
The big question is: with this major security breach, what will the TSA do? They said VIP will be required to submit an independent audit verifying that required security measures are in place. The TSA will verify the audits before VIP can resume its Registered Traveler program, Davis added. We think they should be fired as an agent; if you lost your information you would say the same thing. But from what it seems, the government is going to look the other way if they can come back to be compliant.
VIP is also offering affected customers free identity theft protection, the company said. A little too late?
The point of this is to show what can happen if you do not take steps to encrypt all of your computers and put endpoint security on every computer. Pluto Networks is a partner with a major full disk encryption player and we talk to customers about this all the time. You would be amazed at the number of C-level executives and network administrators who think they know more than us. I have heard it too many times: it will never happen to us, our computers are locked down through Active Directory. They have no clue.
So don't be the next headline. Take security seriously and encrypt. If you have questions or need an evaluation of a product for your company, please send me an email or post here.
Please tell us, does your company use a full disk encryption product, and are you happy with it? If you are not using full disk encryption, why?
Larry Chaffin is the CEO/chairman and founder of Pluto Networks, a consulting company specializing in VoIP, WLAN and security. Pluto is a channel partner for Cisco, Qualys, Riverbed, GuardianEdge, TriGeo and Linksys.
Larry is an accomplished author, co-authoring Managing Cisco Secure Networks, Skype Me, Practical VoIP Security, Configuring Check Point NGX VPN-1/Firewall-1, Configuring Juniper Networks NetScreen & SSG Firewalls, Essential Computer Security: Everyone's Guide to Email, Internet, and Wireless Security, How to Cheat at Microsoft Vista Administration, Microsoft Vista for IT Security Professionals, Asterisk Hacking, 2008 VoIP and Video Conferencing, Infosecurity 2008 Threat Analysis and author of Building a VoIP Network with Nortel's MCS 5100, along with co-authoring/ghost writing eleven other technology books for VoIP, WLAN, security and optical technologies.
Larry has more than 29 vendor certifications from companies such as Nortel, Cisco, Avaya, Juniper, PMI, ISC2, Microsoft, IBM, VMware and HP. Larry has been a principal architect around the world in 22 countries for many Fortune 100 companies, designing VoIP, security, wireless and optical networks. Larry is currently working on a follow-up to the book Building a VoIP Network with Nortel's MCS 5100, as well as new books on Cisco Telepresence Networks, Practical VoIP case studies and WAN Acceleration with Riverbed.
Nice ad for Pluto Networks.