Verified Identity Pass, Inc., which operates the “Clear” program lost 33,000 customers’ records when an unencrypted laptop was stolen.
While it was recovered a week later, what happened to the data is unclear.
Among the data was:
- Names
- Addresses
- Birth dates
- Driver’s license, passport and green card data
Which one could describe as an “identity theft kit” for 33,000 people, and since the program also collects the following:
- Credit card information
- Digital photo
- Digital images of all of the applicant’s fingerprints and his or her irises
- Previous home addresses for the past five years
- Digital images of passports and driver’s licenses.
It could have been much worse.
Security expert Bruce Schneier analyzes this sort of “trusted traveler” program, and finds it wanting from a security standpoint:
I think of Clear as a $100 service that tells terrorists if the F.B.I. is on to them or not. Why in the world would we provide terrorists with this ability?