The Transportation Security Administration (TSA) is missing a hard drive containing some 100,000 current and former employee payroll records. The missing data contains names, Social Security numbers, payroll information, bank account and routing information.
The hard drive was discovered missing last Thursday from a TSA controlled security area. By Friday, the agency began notifying affected employees. The missing data covers TSA personnel employed by the agency from January 2002 through August of 2005.
“It is unclear at this stage whether the device is still within headquarters or was stolen,” the TSA said in a statement. “TSA is treating this incident as a criminal matter and has asked the FBI to investigate.”
According to the TSA, the U.S. Secret Service is also assisting in the forensic review of equipment and facilities.
In a letter to employees, the agency wrote, “TSA has no evidence that an unauthorized individual is using your personal information, but we bring this incident to your attention so that you can be alert to signs of any possible misuse of your identity.”
The TSA told employees it is developing a process to purchase credit monitoring services for up to one year for all affected or current employees. The service will be available for free and include monitoring of all three national credit bureau reports, fraud alerts, detection of fraudulent activities and fraud resolution and assistance.
The agency discovered the hard drive was missing on the same day Rep. Tom Davis (R-Va.) introduced the Federal Agency Data Breach Protection Act. The bill would require federal agencies to establish practices and standards for notifying citizens of lost data.
“The federal government has sensitive personal information on every citizen — health records, tax returns, military records,” Davis said in a statement. “We need to ensure the public knows when its sensitive personal information has been lost or compromised in some way.”
Davis introduced similar legislation last year in the aftermath of a data breach at the Veterans Administration involving personal data on more than 26 million veterans. According to the VA, an employee violated agency policy and took a laptop with the information on it home, where it was stolen in a burglary.
Law enforcement officials eventually recovered the laptop and the FBI and the VA’s Office of the Inspector General ultimately determined the thief had not compromised the data on the laptop.
The VA breach was the start of a series of startling data breaches disclosed by the government last summer. The agencies losing data included the Navy, The Department of Agriculture and the Federal Trade Commission.