Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

ACLU Demands Answers About Transit Agency Data Breach

The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state’s public bus service, including why the personal information of state employees who don’t even work for the agency was compromised.

The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state’s public bus service, including why the personal information of state employees who don’t even work for the agency was compromised.

The Rhode Island Public Transit Authority publicly disclosed the data breach Dec. 21, saying that unauthorized access had been gained to some of its computer systems and that private health care information — including Social Security numbers, dates of birth, and Medicare identification numbers — had been compromised.

The ACLU in a letter to the agency dated Tuesday, wants to know why the breach was identified in early August, but it reportedly took until Oct. 28 to identify the people whose private information had been hacked, and almost two more months to notify them.

“It is essential that RIPTA provide answers to the public as to why it had this private information in the first place and why it has provided misleading information about this security breach to the public,” the ACLU letter said.

The ACLU’s letter was prompted by complaints from state employees who said they did not work for RIPTA, and in some cases, had never used its bus service, the ACLU said.

The ACLU also wants to know why the U.S. Department of Health and Human Services website says 5,015 people were affected by the data breach, but RIPTA puts that number at 17,378.

Advertisement. Scroll to continue reading.

RIPTA senior executive Courtney Marciano explained to The Providence Journal via email that the information on non-RIPTA employees was sent to the agency by the state’s previous health insurance provider.

She also said it took so long to inform people because identifying the people whose personal data was compromised and finding their addresses so that they could be notified was “time and labor-intensive.”

The RIPTA employees’ union in a statement said the agency “dropped the ball.”

Related: Why Mass Transit Could Be the Next Big Target for Cyber Attacks—and What to do About it

Related: Australian Health and Transport Agencies Hit by Accellion Hack

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.