“Unauthorized individuals may have accessed” files containing employee names, Social Security numbers, addresses, benefits enrollment information, salary or hourly rate, as well as bank account and routing numbers, SEPTA General Manager Leslie Richards told employees in an email Thursday morning, which was shared with The Inquirer.
“SEPTA prioritizes the protection of the personal information of our employees,” Richards said in the message. “While we are still in the process of confirming the full extent of the data that may have been impacted, SEPTA is providing you with resources as quickly as possible so that you may protect your personal information for actual or attempted use.”
The authority was quick to reassure customers that SEPTA Key accounts were not affected.
A malware attack forced SEPTA to shut down its ability to share real-time information with riders on Aug. 10 to prevent the virus from spreading. Those features, including the SEPTA app’s “Next-to-Arrive” feature and platform announcements, returned Monday afternoon.
But there isn’t a timeline on restoration elsewhere within the network. SEPTA employees worked without email for about a week, and a lack of access to servers and programs has continued to make their jobs more difficult.
The authority has brought in the FBI and outside information technology experts to assist on the investigation.
SEPTA is offering a year of free credit monitoring to workers through Kroll, a cyber security consultant. It’s also set up a call center dedicated to answering employee questions about the attack. Costs of both measures are covered by SEPTA’s cyber insurance, SEPTA spokesperson Andrew Busch said. Letters were also mailed to employees Wednesday.
The authority is encouraging employees to sign up for the credit monitoring for “peace of mind,” Busch said. It’s not clear how long information had been exposed.
SEPTA appears to be concerned that intruders got into its employee database, which has a treasure trove of personal information that can be used for identity theft, said Michael Levy, former chief of computer crimes at the U.S. Attorney’s Office for the Eastern District of Pennsylvania.
“Credit cards get shut down pretty quickly with fraud,” he said. “But if you’re stealing Social Security numbers, the problem now is people start opening [credit] accounts using your Social Security number, and you don’t know about it until you go to buy a car or need financing.”
If hackers stole sensitive data, they’ll likely sell the information on illicit markets in the deep corners of the so-called dark web, Levy said.
Attackers often access computer systems with “phishing” emails that dupe employees into handing over user credentials or clicking links that download malware, Levy said. The fact that SEPTA’s systems have been down for weeks may mean the agency is still not sure which parts of its computer systems hackers were in and “whether they have them out yet,” he said.
Some of SEPTA’s supervisory, administrative, and management — or SAM employees — expressed frustration to The Inquirer over a lack of communication from the authority on the attack. Employees had been left wondering basic questions such as whether their information was at risk while balancing the many hardships SEPTA faces from the pandemic. Morale at the headquarters is low and wavering, employees said. About 2,000 of SEPTA’s workers are SAM employees.
The authority is encouraging employees to monitor financial statements and contact their banks if they spot any suspicious activity, Richards told employees in the email sent Thursday.
“We weren’t in a position to say it two weeks ago,” Busch said. “It would have been alarming for employees to hear then, I’m sure, as it may be now. But it’s a process that we had to work through, and get things into place. This came to light as we went through further investigation of what happened.”
"employee" - Google News
August 28, 2020 at 12:16AM
https://ift.tt/3gC8zMT
SEPTA employee info, including Social Security numbers and bank accounts, possibly compromised during malware - The Philadelphia Inquirer
"employee" - Google News
https://ift.tt/3c4ygEc
https://ift.tt/2W5rCYQ
Bagikan Berita Ini
0 Response to "SEPTA employee info, including Social Security numbers and bank accounts, possibly compromised during malware - The Philadelphia Inquirer"
Post a Comment