Personal information of 237,000 U.S. government employees leaked
A disconcerting breach of data recently transpired within the confines of the U.S. Department of Transportation (USDOT), revealing the personal information of approximately 237,000 current and former federal government employees. This regrettable breach involved a system known as TRANServe, a digital travel pass system supervised by the USDOT and utilized for the handling of transportation allowances and reimbursement of commuting expenses for government employees. At present, it remains uncertain whether the exposed personal information has been exploited for criminal purposes.
On the twelfth day of the month, the USDOT reported this unsettling incident of data leakage to Congress, maintaining that their preliminary investigation had “isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing.” The USDOT, in an official statement, assured that this incident did not compromise any transportation safety systems. However, they have yet to disclose the identities of the malefactors behind the cyberattack.
The USDOT has declared that access to the transportation allowance system has been temporarily suspended until its security can be assuredly reinstated. It’s been noted that federal government employees could receive a maximum of $280 per month as public transportation commuting allowances. This wide-reaching breach incident has impacted approximately 114,000 current employees and 123,000 former employees.
On May 15, the U.S. Government Accountability Office (GAO) released a report accusing the USDOT of not fully implementing its cybersecurity responsibilities. As of April 2023, the department had only implemented 16 of the recommended 178 actions. Jennifer Franks, the director of the GAO’s cybersecurity team, stated that most of the cybersecurity and IT issues faced by the department can be attributed to labor issues, with a critical deficiency being the lack of supervision over privacy issues.
It’s worth noting that federal employees and agencies have been frequent targets of hacking attacks in the past. In 2014 and 2015, two data breaches at the U.S. Office of Personnel Management (OPM) exposed the sensitive data of over 22 million individuals, which included 4.2 million federal employees and 5.6 million individual fingerprint data. Furthermore, according to a Reuters report in 2021, nine federal agencies were infiltrated, with suspected Russian hackers believed to have compromised the U.S. Department of Justice’s network and accessed the Treasury, Commerce, and Department of Homeland Security’s emails.