US Department of Transportation responds to breach of employee data

The U.S. Department of Transportation (DOT) is still investigating a data breach that came to light on Friday.

First reported by Reuters, the breach leaked the personal information of 237,000 current and former federal government employees. In a letter to Congress, the DOT said the incident affected the TRANServe transit benefits system that reimburses government employees for some commuting costs.

In a statement to Recorded Future News, the Office of the Chief Information Officer (OCIO) at DOT said it was continuing to investigate a data breach.

“The preliminary investigation has isolated the breach to certain administrative systems at the Department used for functions such as employee transit benefits processing. It did not affect any transportation safety systems,” a spokesperson said.

“With the support of other federal agencies, including CISA, the OCIO is addressing the breach and has suspended access to relevant systems while we further investigate the issue, and secure and restore the systems.”

The agency has frozen access to the TRANServe system, according to Reuters, which reported that the breach involved information from about 114,000 current government employees and 123,000 former employees. Users of the program received a $280 mass transit allowance per month.

On Monday, Congress’ watchdog agency said in a report conducted prior to the incident that DOT could improve its implementation of cybersecurity policies and provide better oversight of cyber leaders at sub-agencies.

“For example, DOT reviewed component agency cybersecurity programs for agencies within the department, but didn't use the reviews to address longstanding cyber issues,” said the report from the Government Accountability Office.

In a letter dated April 28 and attached to the report, a senior DOT official concurred with GAO’s recommendations.

Federal information systems continue to be a ripe target for hackers. The FBI was hacked twice over the last year. The Justice Department itself suffered a breach of the federal courts docketing system that occurred in early 2020.

The Russian hackers who orchestrated the SolarWinds supply chain attack were also able to pivot to the internal network of the U.S. Department of Justice, from where they gained access to Microsoft Office 365 email accounts belonging to employees at 27 U.S. attorneys’ offices.

The SolarWinds incident involved the Treasury Department, State Department, Commerce and Energy departments, and parts of the Pentagon. Hackers stole the information of 26 million people in attacks on the Office of Personnel Management (OPM) in 2014 and 2015.

The DOT breach comes as the federal government is still reeling from a March incident that exposed the sensitive healthcare data of 17 members of the House of Representatives, 43 of their dependents, and 585 House staff members and their dependents.

That cyberattack — which involved Washington, D.C.’s healthcare exchange platform — came just weeks after the U.S. Marshals Service suffered a ransomware attack that leaked troves of information.