For a variety of reasons, none of them bad, I don’t have the time this evening to write a full post in advance of Monday morning. I’ll have something up later in the day, but in the meantime, I have two important items, one much more serious than the other.
We’ll start with the good: This Wednesday plays host to my Problem Solvers Q-and-A at the Transit Museum on the future of the MetroCard. I’ll be interviewing Michael DeVitto, Vice President and Program Executive for fare payment programs at NYC Transit, and we’ll be discussing what’s next for the 21-year-old card, what will replace it and when. I have a sneaking suspicion DeVitto will not reveal that we’re heading back to the age of the token, but you never know. The 6:30 p.m. event is free, but the Transit Museum requests you RSVP. I’m looking forward to this one.
And now the bad: I didn’t have a chance to give this story its due last week, but there was a major data breach concerning personal information of over 15,000 salaried Transit employees. As The Post reported, the information — including names and social security numbers of current and retired workers — was discovered on a CD-ROM that had been left instead a refurbished disk drive. The MTA is investigating the cause of the breach, and officials have noted that the existence of such an unencrypted disk is a breach of internal policies. So far, the data, as The Post notes, has not been used for “malicious purposes.”
That’s terrible for the employees.
One is quick to assume government incompetence, so when someone else started charging things on my daughters debit card right after she had made a Metrocard purchase, I assumed someone had hacked the MTA.
But later, I read someone was arrested for skimming account number and pins from a bank ATM she had used in Union Square. Still, the MTA has to assume it is a target, and if you see what is happening to Target, that isn’t a financial disaster the agency needs.
Nott only Target, but Neiman Marcus & T J Maxx as well were hit. The T J Maxx data theft is particularly bad since they didn’t have any incription or security for their computer system. They didn’t want to pay for it.
In the case of the MTA, it semes like the disk was mishandled. If the data wasn’t incripted, that presents a whole host of issues.
The most amusing part in all this is that an MTA contractor bought the refurbished CD-ROM drive. This is not surprising, given that New York’s entire buyers’ market for used CD-ROM drives probably consists of MTA contractors. They simply take advantage of the MTA’s outdated IT standards to make a quick buck reselling to the MTA its own defunct hardware.