June 1, 2023
US Transportation Department Breach Impacting 237,000 Employees
An initial investigation conducted by the US Department of Transportation (USDOT), revealed that has revealed that the breach primarily impacted systems managing the TRANServe transit benefits. The system is designed to subsidize some of the commuting expenses for government employees.
According to a Reuters report, the personal data of around 237,000 federal employees—comprised of 114,000 currently serving and 123,000 former employees—has been potentially exposed due to the breach. The potentially leaked data includes names, work email addresses, work phone numbers, work and home addresses, the respective agencies they serve or served, and numbers associated with SmarTrip and TRANServe Cards.
Currently, the specifics of how the breach occurred and how the hackers gained unauthorized access to the USDOT systems remain unclear. There's also no information yet about whether the stolen information has been misused.
Montana Passed Consumer Data Privacy Act
On April 21, the Montana legislature passed the Montana Consumer Data Privacy Act (MCDPA) (SB 384), making it the latest state to enact its own consumer privacy measure, joining California, Colorado, Connecticut, Iowa, Indiana, Tennessee, Utah, and Virginia.
The CDPA is applicable to any entity conducting business within the state or producing products or services targeted to state residents and, during a calendar year. Either
(i) handle or have authority over the personal data of no less than 50,000 consumers, excluding data processed solely for completing payment transactions, or
(ii) control or process the personal data of at least 25,000 consumers and earn 25% of their gross income from selling personal data.
The CDPA exempts non-profit organizations, registered securities associations, financial institutions, data protected under the Gramm-Leach-Bliley Act and certain other federal legislations, along with entities regulated by the Health Insurance Portability and Accountability Act.
InfiniGlobe, a full-service consulting and software company, specializes in systems integration and performance optimization of top corporate legal departments and law firms. For more information, reach out to us at info@InfiniGlobe.com or at (833) LGL-TECH.