Share this article on:
A US government data breach has led to the personal details of over 200,000 former and current US government staff being leaked.
The breach, which affected the US Department of Transportation (USDOT), led to the data of 237,000 people being leaked, including 114,000 current and 123,000 former employees.
The threat actors targeted the TRANServe system, which is responsible for compensating staff for their transport costs. Staff were eligible for a maximum of US$280 (roughly $421) a month in travel expenses.
As part of its investigation, USDOT said in an email to Congress seen by Reuters that it had “isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing”.
It also urged that transport safety systems remained unaffected.
USDOT has locked down access to the TRANServe system at this time and will keep it locked until it has been secured and restored.
Currently, it is unknown who was behind the hack nor whether the information has been used for fraud or any other criminal activity.
Cyber attacks on US government agencies have occurred in the past. In 2020, suspected Russian hackers accessed the systems of Texas-based IT management software SolarWinds, which was used by several federal government agencies.
By implanting malicious code into a due software update, hackers believed to have been from the Russian intelligence service, the SVR, were able to launch a massive cyber attack against nine federal departments networks such as the Treasury, Commerce, and Homeland Security, where they were then able to access classified information.
Prior to that, two breaches of the US Office of Personnel Management occurred in 2014 and 2015, affecting over 22 million people.