SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

ACLU Demands Answers About Transit Agency Data Breach

The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state’s public bus service, including why the personal information of state employees who don’t even work for the agency was compromised.

The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state’s public bus service, including why the personal information of state employees who don’t even work for the agency was compromised.

The Rhode Island Public Transit Authority publicly disclosed the data breach Dec. 21, saying that unauthorized access had been gained to some of its computer systems and that private health care information — including Social Security numbers, dates of birth, and Medicare identification numbers — had been compromised.

The ACLU in a letter to the agency dated Tuesday, wants to know why the breach was identified in early August, but it reportedly took until Oct. 28 to identify the people whose private information had been hacked, and almost two more months to notify them.

“It is essential that RIPTA provide answers to the public as to why it had this private information in the first place and why it has provided misleading information about this security breach to the public,” the ACLU letter said.

The ACLU’s letter was prompted by complaints from state employees who said they did not work for RIPTA, and in some cases, had never used its bus service, the ACLU said.

The ACLU also wants to know why the U.S. Department of Health and Human Services website says 5,015 people were affected by the data breach, but RIPTA puts that number at 17,378.

RIPTA senior executive Courtney Marciano explained to The Providence Journal via email that the information on non-RIPTA employees was sent to the agency by the state’s previous health insurance provider.

She also said it took so long to inform people because identifying the people whose personal data was compromised and finding their addresses so that they could be notified was “time and labor-intensive.”

Advertisement. Scroll to continue reading.

The RIPTA employees’ union in a statement said the agency “dropped the ball.”

Related: Why Mass Transit Could Be the Next Big Target for Cyber Attacks—and What to do About it

Related: Australian Health and Transport Agencies Hit by Accellion Hack

Written By

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Webinar: Which Security Testing Approach is Right for You?
March 25, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

Former Wiz executive Trish Cagliostro has joined Orchid Security as Chief Revenue Officer.

Transcend has named former UnitedHealth Group CISO Aimee Cardwell as CISO in Residence.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.