Hawley apologised to employees whose identity was exposed, but said the TSA has no reason to believe any of the information has been misused. Still, the agency promised to provide affected individuals with one year of free credit monitoring service.
"We are notifying you out of an abundance of caution at this early stage of the investigation given the significance of the information contained on the device," Hawley said. "We apologise that your information may be subject to unauthorised access, and I deeply regret this incident."
The FBI and US Secret Service have opened criminal investigations, according to a separate statement.
The TSA said it has comprehensive data security policies in place and violators face "swift disciplinary action," including firing.
This is the second time in less than a year that the agency responsible for securing the nation’s airports was involved in a data breach.
Last September, a contractor accidentally mailed about 1,200 documents containing Social Security numbers of former TSA employees to incorrect addresses.
"It’s kind of ironic that the government agency charged with maintaining the security of our nation’s transportation system can’t manage the security of its own employees’ files," said Paul Stephens, policy analyst at the nonprofit Privacy Rights Clearinghouse.
"It’s a matter of having the proper protocols in place and enforcing them. A lot of times the protocols exist, and you don’t have the compliance. Typically, the failure is employee compliance."
The latest incident occurred just days after Rep. Tom Davis, R.-Va., reintroduced a bill that would require federal agencies who suffered a data breach to promptly notify victims, and have proper policies in place.
.png&w=120&c=1&s=0)
EDUtech AU
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
