237,000 U.S. government employees' data breached

A data breach at the U.S. Department of Transportation (USDOT) has compromised the personal information of 237,000 current and former federal government employees, according to people familiar with the matter on May 12.

The data breach affected the system that processes TRANServe transportation benefits, which is used to subsidize benefits for some transportation costs for government employees. It is unclear whether any personal information was used for criminal purposes.

According to Reuters, the U.S. Department of Transportation has notified Congress on Dec. 12 that its initial investigation into the data breach has isolated the breach to certain systems the department uses for administrative functions, such as employee transportation benefit processing.

In a statement to Reuters, the U.S. Department of Transportation said the breach did not affect any transportation security systems. It was not clear who was behind the attack. The U.S. Department of Transportation is currently investigating the incident and has frozen access to the transportation benefits system until it can be secured and restored.

The maximum benefit allowance for public transportation commuting costs for federal employees is $280 per month. The breach affected 114,000 current employees and 123,000 former employees.

U.S. federal employees and agencies have been the target of hackers in the past, with multiple cyber attacks against U.S. government agencies.

The U.S. Office of Personnel Management (OPM) experienced two data breaches in 2014 and 2015 involving sensitive data on more than 22 million people, including 4.2 million current and federal employees and the fingerprint data of 5.6 million of them.

In 2020, suspected Russian hackers used SolarWinds and Microsoft software to infiltrate U.S. federal agencies, breach the unclassified network of the Department of Justice and read emails from the Treasury, Commerce and Homeland Security departments. In total, nine federal agencies were breached, Reuters reported in 2021.