TSA Site Exposed Travelers To ID Theft

A House of Representatives panel yesterday released a damning report about a Transportation Security Administration Web site built to address grievances from travelers errantly flagged by the government's no-fly list. It conlucded that cronyism and a lack of oversight exposed thousands of site visitors to identity theft.

The House Committee on Oversight and Government Reform began its investigation into security lapses at the TSA's Traveler Redress Web site last year, after Security Fix and other media outlets pointed out that the site accepted Social Security numbers and other sensitive information from travelers without encrypting the data, potentially allowing hackers to intercept the data. Wired.com noted in its coverage that the site was so laden in spelling errors that it resembled a phishing Web site, the sort typically set up by scammers to lure people into giving away personal and financial data.

The report, which liberally cites content and reader comments from Security Fix and Wired.com, found that the TSA awarded the contract without competition to Boston, Va based Desyne Web Services, and that the guy in charge of awarding the contract had previously worked at Desyne and was good friends with the owner. To date, Desyne has been awarded more than half a million taxpayer dollars worth of no-bid contracts by the TSA, according to the report.