The Metropolitan Transportation Authority is trying to reassure employees after private information for over 15,000 current and former workers was found on a CD inside a refurbished drive.
The CD contained social security numbers, dates of birth, phone numbers and other identifying information of workers at all levels, including senior managers. The MTA told employees they do not suspect the information was misued.
MTA spokesman Kevin Ortiz said in an email on Friday that the agency was “taking all of the necessary precautions” to deal with the data breach. “It’s something we take very seriously,” he said.
A missing property report was filed with the New York Police Department, he said.
The refurbished drive containing the CD was purchased at a retailer, and the purchaser notified the New York City Transit Authority on Jan. 31, 2014, the MTA said in a FAQ distributed to employees. Workers were notified on March 12. The CD was last updated in December 2011.
The Associated Press first reported the data breach on Thursday.
The information on the CD was likely collected for “normal business processes related to payroll and timekeeping,” the MTA FAQ continued. “Placing unencrypted personal data of our employees on a CD is a violation of our policy.”
Anyone whose name and information appeared on the CD will be notified of the situation and offered free credit checks and fraud monitoring for a year, the MTA said.