TAMPA, Fla. -- 10Investigates is getting the attention of the Transportation Security Administration and Florida Attorney General's office.
Both are now looking into a computer breach at Tampa International Airport uncovered by 10Investigates that the Aviation Authority did not share with the public.
On Monday, TIA Executive Director Joe Lopano told the board after our stories aired, the Aviation Authority has been contacted by the attorney general and TSA. He says they have provided documents to the TSA and are going to be meeting with people in the Attorney General’s Office.
At the board meeting, information technology security expert Tom Couture blasted the Aviation Authority's handling of the computer breach and what he said was a lack of transparency.
Couture told the board, “This looks fishy. This looks like the sign of a cover-up.”
Former airport IT employees have been warning how sharing of passwords and usernames could have compromised -- among other things -- customer information, Social Security numbers, and secret no-fly lists.
However, Aviation Authority attorney Michael Stephens tried to downplay the problem. Stephens says a consultant hired by the airport did not find any significant information was compromised.
But, when 10Investigates pointed out what the consultant found, “it was inconclusive” regarding what information was compromised, Stephens admitted, ”That’s why we are continuing to look at it .”
Now, following the 10Investigates stories on the breach, the Aviation Authority is hiring two additional consultants to review the IT department and what information has been compromised.
Lopano says he wants answers.
“It’s unacceptable, and people exercised really bad judgment, ” Lopano explained.
He also said he was unaware the chief IT security officer warned his bosses about problems as a result of the security breach and was told he could no longer be trusted.
Lopano says that goes against the policy of the airport, however, the chief IT officer resigned.
The Aviation Authority predicts it could take at least five months before the new reports can determine what information was compromised.