FlyClear Security Breach
Posted on August 7, 2008
Not sure how I feel about this:
We take the protection of your privacy extremely seriously at Clear. That’s why we announced on Tuesday that a laptop from our office at the San Francisco Airport containing a small part of some applicants’ pre-enrollment information (but not Social Security numbers or credit card information) recently went missing. None of your information was in any way implicated. However, we were prepared to send those applicants and members who were affected the appropriate notice on Tuesday detailing that situation.
Before we could send out that notice, the laptop was recovered. And, we have determined from a preliminary investigation that no one logged into the computer from the time it went missing in the office until the time it was found. Therefore, no unauthorized person has obtained any personal information.
But they do have a reasonable notification process, and even though the breach occurred two weeks ago, it doesn’t appear that the latency is any worse than other data security issues in the past. I thought that this part was particularly candid:
The personal information on the enrollment system was protected by two separate passwords, but Clear is in the process of completing a software fix – and other security enhancements – to encrypt the data, which is what we should have done all along, just the way we encrypt all of the other data submitted by applicants.
Which actually leads me to the reason for my post. When will companies realize that any secure data on a portable computer is an inherent security risk? I can think of no compelling reason that would require this kind of applicant data to be on a portable computer when the data in question could easily be stored on a server and downloaded when required and destroyed locally when no longer needed.
Strong security begins not with the technology you are deploying but the process you are using to work with data.

