Rhode Island Attorney General Peter Neronha earlier this week said that he is opening up an investigation into a data breach which includes Rhode Island Public Transit Authority (RIPTA). The news comes following the outrage that happened this week over the organization's handling of the breach.
RIPTA's office says that it is currently receiving a lot of calls about the incident, asking them to enquire into what took place. RIPTA sent out a notification on 21 December saying that it suffered a security breach in August. It later confirmed that the data was extracted from their systems on 3rd and 5th August.
These files had details about RIPTA health plans including address, social security numbers, Medicare identification numbers, date of birth, qualification information, claims information, and health plan member identification. US department of health and human services breach website report that 5,015 people were affected. Recently, the ACLU of Rhode Island asked RIPTA to explain why sensitive information of people with no links to the organization was involved in the data breach.
"Local ACLU chapter executive director Steven Brown says his chapter has received complaints from people who got letters from RIPTA notifying them that their personal data, including personal health care information, was accessed in a security breach of RIPTA's computer systems," ZdNet reports.
The letters showed that the number of targets in the list in the US department of health and human services website (5,015) are different than the ones mentioned in the breach sent to victims: 17,378.
"Worst -- and most inexplicable -- of all, the people who have contacted us are even more deeply distressed by the fact that RIPTA somehow had any of their personal information -- much less their personal health care information -- in the first place, as they have no connection at all with your agency," Brown says. The process was time-consuming, but RIPTA wanted to be sure what data was compromised in the breach and to whom it belonged to.