How to Choose the Right Cybersecurity Solution REGISTER >
The hard drive was discovered missing last Thursday from a TSA controlled security area. By Friday, the agency began notifying affected employees. The missing data covers TSA personnel employed by the agency from January 2002 through August of 2005.
"It is unclear at this stage whether the device is still within headquarters or was stolen," the TSA said in a statement. "TSA is treating this incident as a criminal matter and has asked the FBI to investigate."
According to the TSA, the U.S. Secret Service is also assisting in the forensic review of equipment and facilities.
The TSA told employees it is developing a process to purchase credit monitoring services for up to one year for all affected or current employees. The service will be available for free and include monitoring of all three national credit bureau reports, fraud alerts, detection of fraudulent activities and fraud resolution and assistance.
The agency discovered the hard drive was missing on the same day Rep. Tom Davis (R-Va.) introduced the Federal Agency Data Breach Protection Act. The bill would require federal agencies to establish practices and standards for notifying citizens of lost data.
"The federal government has sensitive personal information on every citizen -- health records, tax returns, military records," Davis said in a statement. "We need to ensure the public knows when its sensitive personal information has been lost or compromised in some way."
Davis introduced similar legislation last year in the aftermath of a data breach at the Veterans Administration involving personal data on more than 26 million veterans. According to the VA, an employee violated agency policy and took a laptop with the information on it home, where it was stolen in a burglary.