The Department of Transportation (DOT) has stepped up priorities in responding to the theft of two agency computers in Florida that contained personal information about commercial driver license (CDL) holders.
The two computers were assigned to special agents of the DOT's Office of the Inspector General. One theft occurred in April and the other in July. A third laptop computer containing CDL information was stolen in a separate incident from DOT's Federal Motor Carrier Safety Administration (FMCSA) August 22 in Baltimore MD, according to earlier DOT information.
"We are contacting those persons whose data was contained on the backup file for the laptop stolen in Miami," DOT said in its August 22 status report of the Florida incidents. "As of close of business August 21, 2006, we have mailed approximately 62,000 letters and are working to obtain addresses for the remaining individuals so we can complete the mailing as quickly as possible."
DOT said the computer stolen in July in Florida contained data of 133,000 Florida residents, including holders of the CDLs, FAA airman certificates, and personal driver licenses obtained from the Largo FL licensing facility. The data did not contain financial or medical data, but did contain personally identifiable information. DOT did not elaborate in its news release on the computer's contents that was stolen in April.
FMCSA said the laptop taken in Maryland may contain personally identifiable information pertaining to 193 individuals who hold a commercial driver's license (CDL) from 40 motor carrier companies. It does not appear that the laptop contained any financial or medical information, but it did contain individual names, dates of birth, and CDL numbers.
The July theft in Florida occurred when the laptop was taken from a government vehicle. In the April theft in Florida, the laptop was seized from a hotel meeting room. The Maryland incident also involved the computer being stolen from a government vehicle. DOT said the thefts are the first reported since the agency began using laptops more than a decade ago.
Responding to the Florida incidents, DOT said it has set four priorities in the cases: recovery of the laptop stolen in July in Miami (and further investigations into the April theft), completing the investigation of the July theft, determining whether DOT polices regarding sensitive information and computer security were followed, and strengthening polices and procedures to prevent further incidents.
DOT also said it may consult an outside expert to evaluate internal controls. In addition, OIG investigators have been instructed not to leave laptops or electronic storage media unattended, to remove any databases containing personally-identifiable information from laptops, and to ensure that all sensitive data is stored in encrypted folders.
DOT recommends that people who may have had information about themselves in the data contact one of the three major credit reporting bureaus to request that an initial fraud alert be placed on their credit record (which entitles them to one free credit report from each company); monitor bank and credit card statements and contact financial institutions to check for any suspicious activity on their accounts; and be vigilant to any phone calls, e-mails, and other communications from individuals purporting to be government officials and phishing for or asking to verify personal information. A DOT toll-free telephone number is available for further information at 800-424-9071.