The American Federation of Government Employees claims that the agency responsible for securing the nation’s airports violated union guidelines and federal law, which mandates a security system to be in place restricting the unauthorised release of personal data.
The drive was discovered to be lost or stolen last week.
"TSA must be held liable for this wanton disregard for employee privacy," AFGE National President John Gage said in a statement on Tuesday.
The suit is seeking to force the TSA to implement monitoring and encryption technology for use in mobile devices. The union is also asking for the TSA to allow workers to receive paid leave should they need to address issues caused by identity theft.
Ann Davis, a TSA spokeswoman, told SCMagazine.com that the agency's policy is to not comment on pending litigation. The investigation into the missing hard drive continues, she added.
The hard drive, discovered missing from a controlled area at the federal agency on Thursday, contained the names, Social Security numbers, birth dates, bank account and routing data and payroll information of employees who worked for the agency between January 2002 and August 2005, TSA administrator Kip Hawley said in a notification letter to victims. Authorities are unsure whether the data was lost or stolen.
Hawley apologised to employees whose identity was exposed, but said the TSA has no reason to believe any of the information has been misused. Still, the agency promised to provide affected individuals with one year of free credit monitoring service.
"We are notifying you out of an abundance of caution at this early stage of the investigation given the significance of the information contained on the device," Hawley said. "We apologise that your information may be subject to unauthorized access, and I deeply regret this incident."
The FBI and US Secret Service have opened criminal investigations, according to a separate statement.
Union sues TSA over data breach
By Dan Kaplan on May 11, 2007 12:55AM