NEW YORK, NY (August 5, 2008) – Verified Identity Pass, Inc. today confirmed that it recovered the laptop from its office at the San Francisco Airport that it had reported missing to authorities and the Transportation Security Administration. Moreover, Verified Identity Pass has determined from a preliminary investigation that the laptop was not accessed from the time it went missing in the office until the time it was found. Further forensic investigation is being conducted by law enforcement officials.
“We apologize for the confusion, but in an abundance of caution, we treated this unaccounted-for laptop as a serious potential breach. We’re glad to confirm that a preliminary investigation shows no personal information was compromised,” said Verified Identity Pass CEO Steven Brill. Verified Identity Pass had earlier reported that it was in the process of notifying 33,000 people – most of whom had signed up online but not yet completed their in-person enrollments, plus a small portion of members who were in the process of having to re-enroll because there had been trouble collecting their biometrics – that a laptop containing a limited portion of the personally identifiable information that they submit to begin an application was stolen from a locked office at the San Francisco Airport. That notification will now include the finding that the laptop has been found and that no one attempted to access that information, let alone obtained it.
Verified Identity Pass had also announced that it was suspending enrollment processes temporarily until this information was encrypted for further protection. All airport lane operations have continued as normal. The information on the laptop had already been secured by two levels of password protection. Verified Identity Pass, Inc. is in the process of completing that software fix – and other laptop security enhancements – to encrypt the data. Verified now expects that the fix will be in place within days.
The data in question on the laptop included a limited amount of the online applicant’s personal information, but did not include any credit information, including credit card numbers, and it did not include the applicant’s Social Security number. It also did not include any biometric information, such as the applicant’s encrypted fingerprint images or encrypted iris images, which are supplied during the second, in-person enrollment process that takes place at the airport.