RIPTA’s Massive Hack Raises Many Questions

Rhode Island Public Transit Authority (RIPTA) suffered a massive data hack which may have impacted 5,015 people as per the U.S. Department of Health and Human Services (HHS).

The information was disclosed on the HHS’s official portal, which termed the incident as a “hacking/IT incident”. The HHS further elaborated the hack has exposed protected health information stored on RIPTA’s server.

RIPTA put out a notice which spoke of the “privacy incident”, stating that the transport authority “recently identified and addressed a security incident that involved the personal information of our health plan beneficiaries.”

Also Read: Azure App Service’s Security Flaw ‘NotLegit’ Exposes Source Repository!

As per their notice, RIPTA “identified a security incident that resulted in unauthorized access to some of their computer systems” on Aug. 5.

Investigation shed light on the fact that the hackers made off with data encompassing “plan member names, Social Security numbers, addresses, dates of birth, Medicare identification numbers and qualification information, health plan member identification numbers and claims information” as per the RIPTA.

RIPTA stated that the impacted people were informed by mail. Anyone who hasn’t received such a mail but believes their data was compromised should approach the authorities by contacting (855) 604-1668.

Also Read: Cryptocurrency Heists, Ransomware Payments to Drop 30% by 2024!

The transport agency tinged the bad news with a smidge of positivity by stating that passenger payment data should be secure as it wasn’t stored on their in-house servers.

“To help prevent something like this from happening again, we implemented additional security measures to enhance the existing security of our network and continue to train our employees regarding data security,” RIPTA said.

Many Questions in The Aftermath

Many Questions in The Aftermath

The hack has landed RIPTA in the crosshairs of the American Civil Liberties Union (ACLU) as it has emerged that the travel agency had stored details of thousands of people who never even commuted by RIPTA bus.

ACLU has gotten complaints from people, who were never associated with RIPTA, that their data has been compromised in the hack. Rhode Island ACLU executive director Steven Brown wrote a letter to RIPTA CEO Scott Avedisian.

“Contrary to your agency’s statement that the breach involved RIPTA’s health care beneficiaries, all the complaints we have received have come from people who have never been RIPTA employees and, in some instances, have never even ridden a RIPTA bus,” Brown penned.

“The only connection that they all seem to have is that they are, or were, state employees.”

Also Read: Two Major Companies Suffer Data Breach! Deets Inside!

The ACLU asked RIPTA why the travel agency stored health details of non-RIPTA associates and why it took more than 2-1/2 months for RIPTA to prepare a list of the compromised individuals and then a couple of more months to mail them. The ACLU also outpointed another glaring anomaly where RIPTA mailed 17,378 people in Rhode Island, and the HHS portal claimed only 5,015 people were affected.

“But that is what makes all the more alarming the specifics of this incident: the time it took for affected individuals to be notified, the misleading information provided the public about it, and, most critically of all, RIPTA’s possession and storage of personal health care information that it clearly had no business having in the first place,” Brown wrote.

RIPTA responded to the ACLU demand by stating that they received ACLU’s letter and were reviewing it.

Contact Us

More New Articles: