A laptop reported missing by a vendor of the U.S. Transportation Security Administration‘s (TSA) Registered Traveler program has been found, the vendor said.
Verified Identity Pass (VIP), which operates a Registered Traveler program under the brand Clear, said a preliminary investigation has suggested that none of the personal information of 33,000 customers contained on the laptop had been accessed by unauthorized people. VIP announced late Tuesday that the laptop had been found.
“We apologize for the confusion but in an abundance of caution, we treated this unaccounted-for laptop as a serious potential breach,” VIP CEO Steven Brill said in a statement. “We’re glad to confirm that a preliminary investigation shows no personal information was compromised.”
Law enforcement officials are conducting further forensic tests, VIP said in a press release.
The laptop went missing from a locked office at the San Francisco International Airport on July 26, and VIP began notifying customers of the breach late Monday, after the TSA announced it had suspended VIP from enrolling new customers into its Registered Traveler program.
The laptop contained unencrypted personal records, including names, addresses, birth dates, driver’s license numbers and passport numbers of customers seeking to enroll in the company’s Registered Traveler program. TSA required Registered Traveler vendors to encrypt personal information, a TSA spokeswoman said Tuesday.
The laptop did not contain credit card or Social Security numbers, VIP said.
VIP is one of seven vendors authorized by TSA to offer Registered Traveler programs, which allow frequent air travelers to have background checks completed before they travel so that they can spend less time in security lines at airports.
A VIP spokeswoman didn’t immediately respond to an e-mail asking questions about the circumstances of the laptop recovery. The laptop was found at the San Francisco airport, the TSA said in a press release. A TSA spokeswoman said she couldn’t comment further on how the laptop was found, citing an ongoing investigation.
VIP has about 200,000 Registered Traveler customers, and it operates at 17 airports, including airports in or near New York City; Washington, D.C.; Los Angeles; Denver; and San Jose, California. The TSA’s Registered Traveler program has been operating since 2005.
VIP will be required to submit an independent audit, verifying that required security measures are in place, the TSA said. The agency will verify the audits before VIP can resume its Registered Traveler program.
The information on the laptop was secured by two levels of password protection, VIP said. The company is working on a software fix, and other laptop security enhancements, to encrypt the data, VIP said. The company expects the improvements to be completed within days.