The Rhode Island Public Transit Authority (RIPTA) disclosed a data breach that compromised the names, social security numbers, addresses, birthdates, Medicare information, health insurance member identification numbers and claims information of a disputed number of individuals.
The transit authority first detected the breach on August 5, 2021, and determined that personal identifiable information (PII) was accessed and exfiltrated between August 3 and 5. RIPTA disclosed the breach on their site on December 21, offering identity monitoring services to victims.
In a recent statement, RIPTA said that the security incident "involved the personal information of [their] health plan beneficiaries." However, the American Civil Liberties Union (ACLU) of Rhode Island has received complaints from data breach victims who had no direct connection to the RIPTA health plan, according to a letter sent to the transit authority by ACLU Rhode Island Executive Director Steven Brown.
Non-associates of RIPTA affected by the data breach all reported working at some point as state employees.
The U.S. Department of Health and Human Services website, which displays reported data breach information, states that over 5,000 people were affected by the breach. In a letter sent by RIPTA to an individual affected by the breach, the transit authority stated that the cyber incident involved 17,378 people.