PROVIDENCE, R.I. (WPRI) — The security breach of the Rhode Island Public Transit Authority (RIPTA) this past summer was more extensive than initially reported, according to a top state official.
In a letter sent Thursday, R.I. Department of Administration Director James Thorsen revealed that the thieves obtained data through “a currently undetermined point in early 2020,” which is five years later than the window of 2013 to 2015 that was initially disclosed.
“However, it is our understanding that RIPTA sent informative letters to all identified, impacted health plan participants,” Thorsen wrote.
The security breach occurred back in August and the stolen information includes the personal details for some state workers who have no ties to the public transit agency.
RIPTA has been sending letters to affected state employees – both current and retired – notifying them that suspected criminals accessed files related to the state’s health insurance billing plan which contained their personal information.
It remains unclear why RIPTA’s computer system had access to information about individuals who have never worked at the transit agency.
Some of those affected, as well as leaders at the Rhode Island chapter of the ACLU, have expressed frustration that RIPTA waited more than four months after the Aug. 5 attack to begin notifying people that their information was seized. RIPTA says it took until Oct. 28 to determine whose information was compromised.
RIPTA said it would be providing complementary membership to identity monitoring services through Equifax. For people who think they were affected by the hack, but do not receive a letter by Jan. 20, Thorsen urged them to contact a call center at 855-604-1669.
The R.I. Attorney General’s office is actively investigating the security breach.
Eli Sherman and Ted Nesi contributed to this report.