The breach hit systems for processing TRANServe transit benefits that reimburse government employees for some commuting costs. It was not clear if any of the personal information had been used for criminal purposes.
USDOT notified Congress Friday in an email seen by Reuters that its initial investigation of the data breach has “isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing”.
USDOT said in a statement to Reuters the breach did not affect any transportation safety systems. It did not say who might be responsible for the hack.
The department is investigating the breach and has frozen access to the transit benefit system until it has been secured and restored, it said.
The maximum benefit allowance is $280 per month for federal employee mass
transit commuting costs. The breach impacted 114,000 current employees and 123,000 former employees.
Federal employees and agencies have been target of hackers in the past.
Two breaches at the US Office of Personnel Management (OPM) in 2014 and 2015 compromised sensitive data belonging to more than 22 million people, including 4.2 million current and federal employees along with fingerprint data of 5.6 million of those individuals.
Suspected Russian hackers who used SolarWinds and Microsoft software to burrow into US federal agencies breached unclassified Justice Department networks and read emails at the Treasury, Commerce and Homeland Security departments. Nine federal agencies were breached, Reuters reported in 2021.
The parliament’s Public Accounts Committee of Pakistan has sought a criminal case against Nadra officers who allegedly breached the data and accessed personal information of the army chief’s family.
The meeting on Thursday, chaired by MNA Noor Alam Khan, expressed serious concerns over media reports about the breach.
Those involved in this data theft should be behind bars, Mr Khan said, while adding that Military intelligence and ISI should be made part of the investigation in this matter. “It should be determined how the family’s personal information was stolen.”
The committee also summoned the Nadra chairman who was unable to attend the meeting due to his other engagements. This agitated Mr Khan who said the news was all over the media and he also saw a vlog in which two journalists discussed the issue.