Transportation Security Administration Data Breach (2009)

At the request of the Secretary for the Department of Homeland Security, we reviewed the events surrounding the release of Sensitive Security Information contained in the Transportation Security Administration's Screening Management Standard Operating Procedures. The Transportation Security Administration posted the document on March 3, 2009, and reposted it on March 16, 2009, to the Federal Business Opportunities, or FedBizOpps.gov, website, as part of a solicitation to privatize seven airports in the State of Montana. The objectives of our review were to determine how and why the release occurred, and whether management controls are in place and operational to ensure that a similar event would not recur. We determined that for the two documents in question, the redactions were not applied properly, and appropriate quality control procedures were not in place to protect against inadvertent disclosure. Consequently, Sensitive Security Information was visible in a public document posted on the internet.