TSA suffers data loss; lawmakers watch closely

The Transportation Security Administration is investigating the possible loss or theft of an external hard drive that contained the payroll data of about 100,000 current and former employees, including their Social Security numbers and bank account and routing information. The records affect individuals employed by TSA from January 2002 until August 2005, the agency of the Homeland Security Department said in a statement.

The hard drive was discovered missing from a controlled area at the TSA headquarters’ Office of Human Capital in Arlington, Va.

“It is unclear at this stage whether the device is still within headquarters or was stolen,” said TSA Administrator Kip Hawley in a May 4 letter to affected employees.

Although TSA is responsible for security across the transportation sector, there were gaps at home, said Rep. Tom Davis (R-Va.), ranking member of the House Oversight and Government Reform Committee.

“As we debate DHS' role regarding cybersecurity, it appears the agency wasn't watching the threats at home,” he said.
TSA’s data loss comes on the heels of a data security and notification bill that Davis introduced last week.

The Federal Agency Data Breach Protection Act directs the Office of Management and Budget to establish standards and practices for informing citizens of lost data and provides a clear definition of the type of sensitive information for which the law would apply. It also gives agency chief information officers authority to ensure employees comply with data security laws.

“My bill would help before and after: It requires that equipment containing potentially sensitive information be accounted for and secure, and it requires citizens receive prompt notice if personal information held by a federal agency is compromised,” Davis said.

Agencies began to further tighten security last year after the theft of a laptop computer containing personal data on millions of veterans from the home of a Veterans Affairs Department employee.

In the most recently reported data breach last month, the Agriculture Department became aware it had inadvertently made public the Social Security numbers of 38,700 grant and loan recipients through the Federal Assistance Awards Data System. The numbers were part of a 15-digit string that acted as a loan recipient’s federal award number.

The House Homeland Security Committee is watching closely how TSA’s investigation unfolds. “My concern lies with the tens of thousands of employees who are affected,” said committee Chairman Bennie Thompson (D-Miss.). “For an agency suffering from morale problems, this is a terrible and unfortunate blow.”

Rep. Sheila Jackson Lee (D-Texas), chairwoman of the committee’s Transportation Security and Infrastructure Protection Subcommittee, plans to conduct hearings on the incident, said Dena Graziano, committee spokeswoman.

TSA will provide the affected employees with identity theft protection and credit monitoring for one year, as necessary. Hawley apologized in the letter for the incident. TSA said it has extensive data protections protocols and training in place for its employees regarding data privacy. TSA said it will take swift disciplinary action, including dismissal, against individuals found to be in violation of its procedures.

TSA immediately reported the incident to senior DHS and law enforcement officials when it became apparent May 3 and launched an investigation. TSA is treating the incident as a criminal matter and asked the FBI to investigate. The Secret Service is also assisting in the forensic review of equipment and facilities.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.