CD Exposing MTA Employees' Personal Info Surfaces In Disk Drive Sold By Retailer

By

Published Mar 13, 2014

Modified Mar 13, 2014

We rely on your support to make local news available to all

Make your contribution now and help Gothamist thrive in 2025. Donate today

Gothamist is funded by sponsors and member donations

The MTA suffered a little security breach recently when a CD containing the personal information of about 15,000 employees ended up in a civilian's hands after she purchased a refurbished disk drive with the CD inside. And though there's no reported evidence that any of this information's been misused, it can't be comforting to know your unencrypted social security number could be floating around a Dell outlet store somewhere.

A source tells us the breach occurred sometime in January, when a customer purchased the computer disc drive (perhaps one of these disc drives!) from an unnamed major retailer. Upon further inspection, she discovered a CD containing a file listing the information for thousands of active, retired, deceased and former New York City Transit employees, including their addresses, birth dates, social security numbers and earnings information.

It just so happens that the customer is a technology security official with a major transit vendor, and she reported her findings to her employer, who returned it to authorities without making a copy. "While we do not suspect nor have seen any evidence of misuse of the data, every precaution is being taken to ensure that this is the case," MTA Chief Information Officer Sidney Gellineau wrote in a March 6 letter to employees.

The MTA has launched a full investigation into the breach, and officials note that making a CD featuring unencrypted personal information violates its electronic security policy. Employees affected by the breach have reportedly been notified.