Labor union files suit over TSA data loss

A federal labor union filed a class action lawsuit Tuesday against the Homeland Security Department and its Transportation Security Administration, charging that the government acted recklessly when it lost sensitive personal data on 100,000 TSA employees.

The lawsuit, filed by the American Federation of Government Employees and four transportation security officers in the U.S. District Court for the District of Columbia, seeks an order for TSA to develop new security procedures consistent with the 2001 Aviation and Transportation Security Act and the 1974 Privacy Act.

The 15-page civil suit also asks that affected employees be granted administrative leave to give them time to protect against potential identity theft and financial problems created by the incident.

"TSA's reckless behavior is clearly in violation of the law," said John Gage, AFGE's national president. "TSA must be held liable for this wanton disregard for employee privacy. A DHS agency that cannot even shield its own employee data is not reassuring."

TSA learned on May 3 that the external computer hard drive holding the sensitive data was missing from a controlled area at the agency's headquarters human capital office. The breach affects all TSA employees hired between January 2002 and August 2005; the missing data includes names, Social Security numbers, dates of birth, payroll information, financial allotments and bank account and routing numbers.

Law enforcement officials were immediately notified and a criminal investigation was launched by the Secret Service and the FBI, according to TSA. Agency officials notified all employees of the incident on May 4 after an initial search failed to turn up the hard drive.

TSA officials refused to comment on the lawsuit, but have said there is no evidence that an unauthorized individual has used the information.

TSA is advising affected individuals to monitor financial accounts continuously for suspicious activity, and is providing one year of free credit monitoring from Identity Force, a service that includes identity theft insurance up to $25,000.

The Aviation and Transportation Security Act requires the TSA administrator to "ensure the adequacy of security measures at airports" and the Privacy Act directs that every federal agency have in place a security system to prevent the unauthorized release of personal records.

"The maintenance and safeguarding of personnel data is vital to the protection of security at our nation's airports," Gage added. "If the stolen information were to fall into the wrong hands, false identity badges easily could be created in order to gain access to secure areas."

The TSA data breach is the latest in a series of security breakdowns that have touched nearly every federal agency. The largest occurred in May 2006 when a computer containing the personal information of about 26.5 million veterans and active-duty military members was stolen from the home of a Veterans Affairs Department employee. The computer was later recovered.

Just last month, Agriculture Department officials learned that 38,700 Social Security numbers of farmers were publicly available on the Internet. The Census Bureau said in March that it accidentally posted personal information concerning 302 American households on a public Web site.