Professional Aviation Safety SpecialistsHOMEHOME
PASS

 
Join PASS

Message From PASS President Tom Brantley
Regarding FAA Security Breach
February 12, 2009

As you may be aware, on February 1, 2009, the FAA suffered a security breach on one of its administrative servers. This resulted in the loss of 48 files, including one that contained the names and Social Security numbers of over 45,000 FAA employees. If you were an FAA employee during the first pay period of February 2006, your information was included. Another file contained information on 4,700 Aviation Safety (AVS) employees.

According to the agency, the data was on the server to be used for “application development.” The files had not been used in some time and it is unclear why the agency had not removed them from this server when the testing was no longer in progress. It is also unclear why the FAA waited for more than a week before briefing unions and notifying employees. The agency claims that it acted “quickly and thoughtfully to first gather all the facts,” as well as working with the Department of Homeland Security, FBI, NSA and others to investigate the breach. However, it would seem that investigating the incident took precedence over notifying the affected employees. PASS believes that notification should occur as soon as the FAA is aware of a breach that potentially affects employees and will continue to press the agency to be more responsive to employees when these types of incidents take place.

PASS is continuing to look into potential actions that the FAA can take to help prevent this security breach from impacting employees and steps to take after an employee becomes aware that their personal information is being used inappropriately. I ask that any employee represented by PASS who learns that has his/her personal information is being or has been compromised notify both the agency and PASS immediately. The FAA should be notified so that it can fulfill its obligation to ensure that employees are not ultimately harmed because of an agency mistake, and PASS must be notified to allow us to make certain that the agency lives up to its obligation to keep employees from harm.

One of the first things the agency has agreed to provide is free credit monitoring services to all FAA employees and affected separated employees for a period of 12 months. The FAA has subscribed to a credit monitoring service offered by GSA and you will soon receive a letter from the FAA describing the service and enrollment procedures. You will also receive additional information on other steps employees can take to help protect their personal information from identity theft. It is important to note that employees who choose to use a service other than the FAA-contracted GSA service will be personally responsible for the cost of that service.

PASS will continue to monitor the situation and will update you with any new information that we receive.
 
PASS - (202) 293-7277