Thousands of US government workers have data leaked online


The US Transportation Department (USDOT) has been hit by a cyberattack that saw data on current and former employees stolen.

In a report, Reuters, citing “sources briefed on the matter”, states that the incident affected a total of 237,000 people - 114,000 current USDOT employees, and 123,000 former ones.

The agency, in charge of handling the US transportation system, has notified Congress of the breach via an email seen by Reuters, which said that the breach was "isolated [...] to certain systems at the department used for administrative functions, such as employee transit benefits processing."

Safety systems unaffected

The systems referenced in the email reportedly process TRANServe transit benefits, which reimburse government employees for some commuting costs.

The announcement does not discuss which data was taken, whether there is enough to run identity theft attacks, or whether any payment information was compromised. The organization also did not discuss whether the data has already been used in the wild for criminal purposes. USDOT added that transportation safety systems were unaffected by the breach, and claims it doesn't know which threat actor was behind it.

The incident is currently being investigated, and the organization has frozen access to the transit benefit system until it is deemed safe again. As per the Reuters report, the maximum benefit allowance for federal employee mass transit commuting costs is $280 per month.

Government agencies and their staff are a constant target, as cybercriminals, both state-sponsored and profit-motivated, seek vulnerabilities to exploit and sensitive data to steal.

Employee information can either be used to run even more devastating attacks, or it can be sold on the dark web for profit. 

Recently, the US government banned the TikTok app from agency-issued mobile devices, citing matters of national security.

The country is also looking to use its RESTRICT Act to ban TikTok for even more users, again on the grounds of online safety.

This follows a recent report which found tracking pixels belonging to TikTok across numerous websites including US government pages. While tracking pixels - or web beacons - are typically used for collecting data to better target audiences with relevant ads, concerns have been raised about the information collected and how it may be used by the Chinese company and other entities in the country.

Via: Reuters

Sead Fadilpašić
