The Department of Transportation (DOT) has stepped up priorities in responding to the theft of two agency computers in Florida that contained personal information about commercial driver license (CDL) holders.
These computers were assigned to special agents of the DOT's Office of the Inspector General. One theft occurred in April and the other in July. A third laptop computer containing CDL information was stolen in a separate incident from DOT's Federal Motor Carrier Safety Administration (FMCSA) August 22 in Baltimore MD.
”We are contacting those persons whose data was contained on the backup file for the laptop stolen in Miami,” DOT said in its August 22 status report on the Florida incidents. “As of close of business Aug 21, 2006, we have mailed approximately 62,000 letters and are working to obtain addresses for the remaining individuals so we can complete the mailing as quickly as possible.”
DOT said the computer stolen in July in Florida contained data of 133,000 Florida residents, including holders of the CDLs, FAA airman certificates, and personal driver licenses obtained from the Largo FL licensing facility. The data did not contain financial or medical data, but did contain personally identifiable information. DOT did not elaborate in its news release on the computer's contents that was stolen in April.
FMCSA said the laptop taken in Maryland may contain personally identifiable information pertaining to 193 individuals who hold a commercial driver's license (CDL) from 40 motor carrier companies. It does not appear that the laptop contained any financial or medical information, but it did contain individual names, dates of birth, and CDL numbers.
The July theft in Florida occurred when the laptop was taken from a government vehicle. In the April theft in Florida, the laptop was seized from a hotel meeting room. The Maryland incident also involved the computer being stolen from a government vehicle. DOT said the thefts are the first reported since the agency began using laptops more than a decade ago.
Responding to the Florida incidents, DOT said it has set four priorities in the cases: recovery of the laptop stolen in July in Miami (and further investigations into the April theft), completing the investigation of the July theft, determining whether DOT polices regarding sensitive information and computer security were followed, and strengthening polices and procedures to prevent further incidents.
DOT also said it may consult an outside expert to evaluate internal controls. In addition, OIG investigators have been instructed not to leave laptops or electronic storage media unattended, to remove any databases containing personally-identifiable information from laptops, and to ensure that all sensitive data is stored in encrypted folders.
A toll-free telephone number is available for further information at 800-424-9071.
