The personal information of 237,000 current and former federal government employees has been exposed in a data breach at the US Transportation Department (USDOT), sources briefed on the matter said on Friday.
The breach hit systems for processing TRANServe transit benefits that reimburse government employees for some commuting costs. It was not clear if any of the personal information had been used for criminal purposes.
USDOT notified Congress Friday in an email seen by Reuters that its initial investigation of the data breach has “isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing”.
USDOT said in a statement to Reuters the breach did not affect any transportation safety systems. It did not say who might be responsible for the hack.
The department is investigating the breach and has frozen access to the transit benefit system until it has been secured and restored, it said.
The maximum benefit allowance is $280 per month for federal employee mass transit commuting costs. The breach impacted 114,000 current employees and 123,000 former employees.
Federal employees and agencies have been target of hackers in the past.
Two breaches at the US Office of Personnel Management (OPM) in 2014 and 2015 compromised sensitive data belonging to more than 22 million people, including 4.2 million current and federal employees along with fingerprint data of 5.6 million of those individuals.
Suspected Russian hackers who used SolarWinds and Microsoft software to burrow into US federal agencies breached unclassified Justice Department networks and read emails at the Treasury, Commerce and Homeland Security departments. Nine federal agencies were breached, Reuters reported in 2021.