U.S. Transportation Department Breach Exposes Data of 237,000 Employees – Source:


Source: – Author: Livia Gyongyoși

The US Department of Transportation (USDOT) recently revealed threat actors breached its system in a cyberattack. The data breach compromised the personal information of roughly 237,000 current and former agency employees.

While it remains unclear when the attack happened or who are the threat actors, USDOT made the announcement just a few days before the Government Accountability Office (GAO) issued a report on cybersecurity. The report stated that USDOT should improve the implementation of its cybersecurity policies.

GAO acknowledges that USDOT has made some progress, including the creation of cybersecurity roles and responsibilities for officials within its agencies, but there is still room for improvement. For instance, notes, while USDOT has reviewed its agencies’ cybersecurity programs, the reviews were not used to actually address the sixty-three cybersecurity recommendations issued by GAO.


The Data Breach Impact on USDOT

According to the researchers, the attack hit systems for processing TRANServe transit benefits. For now, the incident affected the process that returns commuting costs to government employees.

According to USDOT, the ongoing investigation of the attack limited the breach to some of the systems that were used for administrative tasks. They gave employee transit benefits processing as an example. As a security measure, while the investigation is still ongoing, the specialists momentarily froze access to the transit benefit system.

USDOT also stated that apparently, the data breach had no impact on the transportation safety systems. However, the breach affected 114,000 current and 123,000 former USDOT employees.

The maximum benefit allowance is $280 per month for federal employee mass transit commuting costs. The breach impacted 114,000 current employees and 123,000 former employees.


Mitigation and Prevention Measures Against Data Breaches

Governmental organizations are one of the hackers` favorite targets, and similar attacks did happen in the past.

Data breaches that affect personal information can result in identity theft, phishing attempts, account fraud, and more. So, in order to avoid data breaching, cyber security specialists recommend the following best practices:

  • Inform and educate employees regarding the risks of improper use of credentials and about how they can spot a phishing or smishing attempt

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.

Heimdal Official Logo

Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® Threat Prevention
– Endpoint

Is our next gen proactive DNS-Layer security that stops unknown
threats before they reach your system.

  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
  • Protection against data leakage, APTs, ransomware and exploits;

Original Post URL:

Category & Tags: Cybersecurity News – Cybersecurity News


Leave a Reply

Your email address will not be published. Required fields are marked *