MTA Transit Employees Have Their Personal Info Exposed In Data BreachBy: Val Powell - March 14, 2014
Around 15,000 current and former workers of the New York City Transit Authority have their Social Security number and other personal data exposed after the information was found on a CD, which was still inside a refurbished CD-ROM drive. The Associated Press further reported that the information was discovered when the buyer of the reworked CD drive saw the disc, checked its contents, and recognized some of the names on the list.
The buyer, who happens to be employed by a New York City Transit vendor, immediately notified her employer about the incident. The MTA’s chief information officer Sidney Gellineau wrote a letter that said the vendor turned in the CD to the lawyer of the New York City Transit Authority without making a copy or engaging in any “misuse of the data”.
Gellineau’s letter, which was sent on March 6, was addressed to the individuals affected by the security breach. He assured them that the MTA has commenced the investigation in order to get to the bottom of the situation.
The contents of the disc included complete names, dates of birth, Social Security numbers, and even earnings of approximately 15,000 active, former, retired, and deceased NYC Transit workers. The affected employees hold a variety of positions within the company, ranging from executives, supervisors, and salaried workers. No hourly paid employees were found on the list.
In the MTA’s letter, Gellineau declared that their policy prohibits the placement of unencrypted personal data on a CD by an employee. He added that their company is “not aware of any other such violation of the policy”. According to the Associated Press, a complaint has been filed with the NYPD, although the police department has yet to comment on the issue.
News of personal data theft committed by hackers have been a hot security topic lately, but experts claim that it is not unusual for personal information to be exposed by accident. In order to prevent these accidental breaches, some companies place restrictions on their workers’ computers that make them unable to copy files and take them outside the workplace.
Image via Wikimedia Commons