NY Transit Employee Info Found on CD
Customer Purchased Refurbished Drive That Contained Info
The New York City Transit Authority is notifying 15,000 active and former employees that their personal information was exposed when a customer of a major computer retailer purchased a refurbished CD drive that contained a disc that held the information.
See Also: Live Webinar | Navigating the Difficulties of Patching OT
When the customer purchased the drive, she discovered a CD within it that included the personal information on active, retired, deceased and former NYCT employees, such as names, Social Security numbers, dates of birth, phone numbers and earnings information, according to a statement the agency sent to Information Security Media Group. NYCT learned of the incident on Jan. 31.
The individual who purchased the CD drive works for a major NYCT vendor and promptly notified their employer of the issue. The vendor then stored the drive in a safe location and returned it to the NYCT, the statement says. The NYCT is now in possession of the original CD. So far, there has been no evidence to show misuse of the information stored on the CD, the authority says.
An investigation is under way to determine how the CD ended up in the drive that was refurbished and sold. The New York City Police Department has been notified about the incident.
Based on initial findings, the incident happened over the course of merging computer systems, the NYCT says.
Impacted individuals will be notified about the incident through the mail and are being offered one year of complimentary credit and identification monitoring services.