PROVIDENCE, R.I. (AP) — A data breach at Rhode Island's public transit agency that compromised the personal information of more than 17,000 people is now under review by the state attorney general's office, officials said Thursday.
The office is “reviewing this incident to determine whether the entities involved have complied with state laws regarding notification and safeguarding of personal information in their custody,” Kristy dosReis, a spokesperson for Attorney General Peter Neronha, told The Providence Journal.
The American Civil Liberties Union of Rhode Island this week sent a letter to the Rhode Island Public Transit Authority demanding to know why people affected by the breach were not notified until Dec. 23 even though it was first discovered in August; why the information of state employees who do not work for the agency or who don't use the bus service was compromised; and why the federal government says more than 5,000 people were affected by the breach, but RIPTA puts that number at more than 17,000.
The breach included private health care information including Social Security numbers, dates of birth, and Medicare identification numbers.
Cristy Raposo Perry, a spokesperson for RIPTA, told WJAR-TV the information on non-employees was sent to the agency by the state's former health insurance provider.