June 6, 2023
Hackers exposed the personal information of more than 237,000 current and former federal government employees after they gained access to systems of the US Department of Transportation (US DOT).While we usually hear about data breaches at companies and private organizations, the truth is that government institutions regularly come under attack as well. Sometimes, hackers manage…

Hackers exposed the personal information of more than 237,000 current and former federal government employees after they gained access to systems of the US Department of Transportation (US DOT).

While we usually hear about data breaches at companies and private organizations, the truth is that government institutions regularly come under attack as well. Sometimes, hackers manage to get in and take important information, and that’s exactly what happened with the DOT.

Governmental institutions generally function somewhat like a private companies, with employees, payrolls and internal tools. The bigger the institution, the more complex the systems and the more difficult they are to guard.

According to a Reuters report, the DOT notified Congress that it discovered a data breach affecting an internal service, named TRANServe that deals primarily with employee travel reimbursement. It might not seem like an obvious target, but the system also holds precious personal information on previous and current department employees.

The DOT said that it had “isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing.” Fortunately, none of the transportation safety systems were affected.

In total, around 114,000 current employees and 123,000 former employees were affected by the breach, but it remains unclear what type of data was exposed and if it has already reached the dark net.

An audit of the Department of the Interior by the US Office of the Inspector General indicates that more than 20% of passwords federal employees used could be cracked using standard cryptographic methods. In fact, more than 89 percent of its High-Value Assets lacked multifactor authentication, which makes the problem even worse.

Source