Cyber Incident Victim: US Transportation Department
Date: May 2023
Location: United States of America
Summary
A data breach at the U.S. Transportation Department exposed the personal information of 237,000 current and former federal government employees. The incident impacted systems used to process employee transit benefits, which reimburse commuting costs. The department isolated the breach to its administrative systems, froze access to the transit benefit program, and initiated an investigation. The hack did not affect any transportation safety systems.
Description
On May 12, 2023, Reuters reported that the personal information of 237,000 current and former U.S. federal government employees had been exposed in a data breach. The incident occurred within systems at the U.S. Transportation Department (USDOT). The breach specifically targeted systems responsible for processing TRANServe transit benefits. This program administers the reimbursement of mass transit commuting costs for government employees, with a maximum monthly allowance of $280 per person. The breach impacted a substantial number of individuals, comprising 114,000 current federal employees and 123,000 former employees. The nature of the personal information exposed was not detailed beyond its connection to the transit benefit program.

The U.S. Transportation Department notified the U.S. Congress of the incident on Friday, May 12, via an email. In its communication, the department stated that its initial investigation had isolated the breach to certain systems used for administrative functions, explicitly naming employee transit benefits processing. The department issued a public statement confirming that the breach did not affect any transportation safety systems, indicating the compromise was contained within its administrative networks. The statement did not attribute the attack to any specific actor or group, leaving the question of responsibility unanswered. It also remained unclear from the available information whether any of the exposed personal data had been utilized for criminal purposes following the breach.

In response to the incident, the USDOT initiated an investigation to determine the full scope and cause of the breach. As an immediate containment measure, the department froze all access to the TRANServe transit benefit system. This action was taken to prevent further unauthorized access and to secure the compromised systems. The system was to remain frozen until it had been fully secured and restored to normal operation. The reporting did not specify a timeline for the investigation's completion or the system's restoration, nor did it elaborate on the specific technical methods used to accomplish the system freeze.

This incident is part of a broader historical context of cyber attacks targeting U.S. federal employees and agencies. The article referenced two significant prior breaches at the U.S. Office of Personnel Management (OPM) that occurred in 2014 and 2015. Those incidents compromised sensitive data belonging to more than 22 million people, which included 4.2 million current and former federal employees. The OPM breaches also involved the theft of fingerprint data for 5.6 million individuals. Another referenced campaign involved suspected Russian hackers who used vulnerabilities in SolarWinds and Microsoft software to infiltrate U.S. federal agencies. That campaign, reported on in 2021, resulted in breaches of unclassified Justice Department networks and allowed the threat actors to read emails at the Treasury, Commerce, and Homeland Security departments. In total, nine federal agencies were breached during that earlier incident. The USDOT breach shares the common characteristic of targeting government administrative systems and employee data but stands as a separate event with its own distinct impact and response.
