Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

ACLU Demands Answers About Transit Agency Data Breach

The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state’s public bus service, including why the personal information of state employees who don’t even work for the agency was compromised.

The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state’s public bus service, including why the personal information of state employees who don’t even work for the agency was compromised.

The Rhode Island Public Transit Authority publicly disclosed the data breach Dec. 21, saying that unauthorized access had been gained to some of its computer systems and that private health care information — including Social Security numbers, dates of birth, and Medicare identification numbers — had been compromised.

The ACLU in a letter to the agency dated Tuesday, wants to know why the breach was identified in early August, but it reportedly took until Oct. 28 to identify the people whose private information had been hacked, and almost two more months to notify them.

“It is essential that RIPTA provide answers to the public as to why it had this private information in the first place and why it has provided misleading information about this security breach to the public,” the ACLU letter said.

The ACLU’s letter was prompted by complaints from state employees who said they did not work for RIPTA, and in some cases, had never used its bus service, the ACLU said.

The ACLU also wants to know why the U.S. Department of Health and Human Services website says 5,015 people were affected by the data breach, but RIPTA puts that number at 17,378.

RIPTA senior executive Courtney Marciano explained to The Providence Journal via email that the information on non-RIPTA employees was sent to the agency by the state’s previous health insurance provider.

She also said it took so long to inform people because identifying the people whose personal data was compromised and finding their addresses so that they could be notified was “time and labor-intensive.”

The RIPTA employees’ union in a statement said the agency “dropped the ball.”

Related: Why Mass Transit Could Be the Next Big Target for Cyber Attacks—and What to do About it

Related: Australian Health and Transport Agencies Hit by Accellion Hack

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.