A laptop containing the sensitive personal information of 33,000 passengers seeking to enroll in an airport security prescreening program has been reported stolen from San Francisco International Airport.
The Transportation Security Administration announced late Monday that the unencrypted computer was discovered to be missing more than a week ago, though the agency was not notified until Sunday.
The TSA has suspended new enrollments in the program, known as Clear, which allows passengers to pay to use special “fast lanes” to avoid long lines at airport security checkpoints. Participants must still undergo normal security screenings once they reach the checkpoint.
“It's not so much a security issue as a violation of personal information,” said TSA spokesman Nico Melendez.
Digital Access for only $0.99
For the most comprehensive local coverage, subscribe today.
“Is there a threat to the security of the aircraft? No,” he said.
The missing laptop does not affect the more than 200,000 air travelers already enrolled in the program, according to the agency.
The laptop belonged to Verified Identity Pass Inc., which operates the program at 17 airports nationwide.
Verified Identity Pass must notify all affected applicants and show it has installed encryption on all its computers before it can restart enrollments, the agency said.
In a statement, the company said the information on the laptop, which was stolen from a locked room, “is secured by two levels of password protection.”
The company said that the information on the computer includes applicants' names, addresses, birth dates and, in some cases, driver's license, passport and green card numbers. The laptop did not contain Social Security numbers, credit card numbers or fingerprint or iris images used to verify identities at the checkpoints, according to the statement.
“We don't believe the security or privacy of these would-be members will be compromised in any way,” said Verified Identity Pass Chief Executive Steven Brill.
The company says it has started the process of notifying the 33,000 applicants, most of whom had signed up online, but hadn't completed the enrollment process.