In a significant cybersecurity incident, the US Department of Transportation (USDOT) has suffered a data breach, leading to the exposure of the personal information of 237,000 current and former US government employees, according to a report by Reuters. The breach hit systems that process TRANServe transit benefits – a program that reimburses federal government employees for certain commuting expenses.
The data breach impacted 114,000 currently employed individuals and 123,000 former employees. “Our initial investigation has isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing,” stated the USDOT in an email to Congress. The USDOT has not yet identified or released information regarding the party responsible for this breach.
The USDOT has suspended access to the transit benefit system in response to the breach. The department said, “We are currently investigating the breach and have frozen access to the transit benefit system until it has been secured and restored.”
The exposure raises concerns given the value of transit benefits, with the maximum allowance standing at $280 per month for federal employee mass transit commuting costs. However, it remains unclear if any of the exposed personal information has been utilized for illegal purposes.
This event marks another instance of cybersecurity attacks against US government entities. The US Office of Personnel Management (OPM) experienced two breaches in 2014 and 2015, compromising the sensitive data of over 22 million people, including 4.2 million current and federal employees. The breaches also exposed the fingerprint data of 5.6 million individuals.
Further, in 2021, suspected Russian hackers exploited SolarWinds and Microsoft software, infiltrating unclassified networks of the Justice Department and accessing emails at the Treasury, Commerce, and Homeland Security departments, as reported by Reuters.
The recent USDOT data breach underscores the persistent threat of cyberattacks on governmental agencies and the need for robust cybersecurity measures. It also reiterates the importance of immediate action to safeguard the personal information of federal employees, given the potential misuse of such data in criminal activities.