Posted by: Kristen Caretta
CIO, Midmarket CIO, Security
The search for the missing Registered Traveler laptop is finally over. The laptop, belonging to Verified Identity Pass Inc.(VIP), was reported missing from a locked office in the San Francisco International Airport on July 26. The laptop was unencrypted and contained the personal information of 33,000 people (including names, passport numbers and addresses) who were enrolled (or were in the process of enrolling) in Clear, VIPs Registered Traveler Program. On August 5, local news station CBS 5 reported the laptop had been found in the office it had gone missing from. VIP spokeswoman Allison Beer said, “it was not in an obvious location.”
Huh? Could this information be so easily misplaced?
According to their site, Clear members are prescreened (personal information, biometric data, etc.) and are able to pass through security fast lanes at designated airports, “saving time” while traveling. What about saving their information in encrypted files?
In their August 5 press release, VIP CEO Steve Brill apologized for the confusion and reassured Clear members, stating “…in an abundance of caution, we treated this unaccounted-for laptop as a serious potential breach. We’re glad to confirm that a preliminary investigation shows no personal information was compromised.” Losing the laptop in the first place compromises information. Again, this wasn’t just any company laptop—this laptop was loaded with personal unencrypted information. Again, why was this information left unsecured?
Having your laptop stolen (or misplacing it) is a scary thing (more so if you have to answer to 33,000 people and not just your company’s IT department), yet people are still having a difficult time keeping tabs on them. According to UK site The Register, Absolute Software has even recently added GPS tracking to its laptop theft recovery service. Embedded GPS receivers submit latitude and longitude information to Absolute’s Web-based IT management portal, showing current and previous locations the laptop had been. Of course, this also eliminates some of the user’s privacy. As stated in the article, “use of the technology means that salesmen may no longer be able to claim that they are visiting client premises rather than sneaking down the pub.”
As technology grows and changes, personal privacy may be thing of the past. Is this ultimately a good thing if it keeps our information safer? Can we even trust those who have our personal data? People are banking online, scanning their irises to breeze through airport security and fingerprint scanning to access their laptops—and this personal information could be targeted by thieves and hackers.
Who knows? What I do know is this: keep an eye on your data and your laptop (I’ll even throw in a tip on laptop protection).