Department of Transportation Suffers Major Cyber Breach

• A substantial cyber breach at the Department of Transportation (DOT) potentially impacts approximately 237,000 current and former federal employees, exposing personal data related to the DOT-run transit benefit program, TRANServe.
• In response, the DOT’s Office of the Chief Information Officer, along with other federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA), are working together to address the breach, suspend access to compromised systems, and implement recovery measures. All affected individuals will be provided with credit monitoring services to mitigate potential risks.

WASHINGTON D.C. – A substantial cyber breach has occurred at the Department of Transportation (DOT), with a potential impact on approximately 237,000 present and past federal employees, as disclosed by Reuters last Friday.

The cyber intrusion was primarily focused on TRANServe, a transit benefits scheme managed by the DOT. According to an internal email that FedScoop gained access to, the program offers reimbursements to federal government employees for specific commuting expenses.

The breach might have compromised identifiable personal data such as names of TRANServe transit benefit recipients, their agency affiliations, work-related email addresses, phone numbers, both work and home addresses, SmarTrip card numbers, and TRANServe Card numbers.

As per Reuters’ provided information, the breach could have impacted an estimated 114,000 current and 123,000 retired federal employees.

In response to the incident, the DOT has announced its plans to alert those potentially affected and is proactively working on measures to mitigate possible risks. As per the DOT’s statement, “The data breach impacts those individuals enrolled in the DOT’s transit benefit program (TRANServe)… The breach transpired within the system that oversees TRANServe.”

The Transportation Department, in a recent communiqué to Congress, stated that initial investigations have traced the breach to specific departmental systems used for administrative tasks, including the processing of employee transit benefits.

The DOT’s Office of the Chief Information Officer (OCIO) is taking the lead in investigating the data breach. The agency clarified in a statement that, “The primary investigation has confined the breach to certain administrative systems within the Department, used for roles such as employee transit benefits processing. It has not compromised any transportation safety systems.”

The OCIO is working jointly with other federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA). As a precautionary step, access to pertinent systems has been suspended while investigations are underway, and efforts to secure and restore the affected systems are in progress.