Tech news from MIST

Unexplained PII compromised by Ripta Data Breach


Somya Bansal

December 29, 2021

Data breach compromising Peronsal Identifiable Information (PII) including the names, social security numbers, addresses, birthdates, Medicare information, health insurance member identification numbers, and claims information of a disputed number of individuals, was disclosed by The Rhode Island Public Transit Authority (RIPTA). It was first detected on August 5, 2021. The Personal identifiable information (PII) was accessed and exfiltrated between August 3 and 5. The breach was disclosed by RIPTA on their site on December 21, offering identity monitoring services to victims. The security incident "involved the personal information of their health plan beneficiaries" said RIPTA. However, the American Civil Liberties Union (ACLU) of Rhode Island has received complaints from data breach victims who had no direct connection to the RIPTA health plan, according to a letter sent to the transit authority by ACLU Rhode Island Executive Director Steven Brown. But all the non-associates of RIPTA affected by the data breach are reported working at some point as state employees. Over 5,000 people were affected by the breach, as stated by the U.S. Department of Health and Human Services website displaying the reported data breach information. In a letter sent by RIPTA to an individual affected by the breach, the transit authority stated that the cyber incident involved 17,378 people.

Abridged fromSecurity Magazine

Click here to see the original post

Share this article