The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state’s public bus service, including why the personal information of state employees who don’t even work for the agency was compromised.
The Rhode Island Public Transit Authority publicly disclosed the data breach Dec. 21, saying that unauthorized access had been gained to some of its computer systems and that private health care information — including Social Security numbers, dates of birth, and Medicare identification numbers — had been compromised.
The ACLU in a letter to the agency dated Tuesday, wants to know why the breach was identified in early August, but it reportedly took until Oct. 28 to identify the people whose private information had been hacked, and almost two more months to notify them.
“It is essential that RIPTA provide answers to the public as to why it had this private information in the first place and why it has provided misleading information about this security breach to the public,” the ACLU letter said.
The ACLU’s letter was prompted by complaints from state employees who said they did not work for RIPTA, and in some cases, had never used its bus service, the ACLU said.
The ACLU also wants to know why the U.S. Department of Health and Human Services website says 5,015 people were affected by the data breach, but RIPTA puts that number at 17,378.
RIPTA senior executive Courtney Marciano explained to The Providence Journal via email that the information on non-RIPTA employees was sent to the agency by the state’s previous health insurance provider.
She also said it took so long to inform people because identifying the people whose personal data was compromised and finding their addresses so that they could be notified was “time and labor-intensive.”
The RIPTA employees’ union in a statement said the agency “dropped the ball.”
Related: Why Mass Transit Could Be the Next Big Target for Cyber Attacks—and What to do About it
Related: Australian Health and Transport Agencies Hit by Accellion Hack
More from Associated Press
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT
- US to Adopt New Restrictions on Using Commercial Spyware
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
- Google Suspends Chinese Shopping App Amid Security Concerns
- Silicon Valley Bank Seized by FDIC as Depositors Pull Cash
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
