Valley Regional Transit says ransomware put personal info at risk
The agency in charge of public bus service in the Treasure Valley said it has begun notifying the more than 500 people who may be affected.
BOISE, Idaho — A ransomware attack against Valley Regional Transit in October may have compromised personal information of 535 of the transit agency’s employees, contractors and customers.
VRT, which operates public transit in Ada and Canyon counties, said Friday that upon learning of the attack, the agency immediately began working with cybersecurity experts to investigate and help VRT contain the threat and secure its systems. VRT also said it has begun notifying the people whose information may have been subject to unauthorized access.
VRT on Friday said the following about what the investigation revealed as well as the response:
- Cybercriminals had accessed VRT’s computer network and removed some data before deploying the ransomware in October 2021.
- The affected data may have included individuals’ names, addresses, birthdates, and Social Security or driver’s license numbers.
- VRT is offering credit-monitoring services at no cost to people whose driver’s license or Social Security numbers were involved.
- The breach did not interrupt payroll processes or transportation services.
- VRT notified the Federal Bureau of Investigation and the Transportation Security Administration of this incident and has been providing regular updates to Idaho regulators.
VRT said it did not have sufficient contact information to provide written notice to a small number of affected individuals. The agency is asking people with any questions, and wanting to determine if their information was involved in the breach, to call the following number: 208-258-2777. Hours are 8 a.m. to 4 p.m. MT, Monday through Friday.
“We are committed to protecting the security of our systems as well as personal information about our employees, vendors and customers,” said Kelli Badesheim, Valley Regional Transit’s executive director. “VRT wants to make sure an incident like this does not happen again, so it has taken a number of steps to change the way it protects information and has enhanced its security procedures.”
Everyone, but especially those affected by a cybersecurity breach, is urged to take steps to protect personal information. Those steps include reviewing and monitoring account statements and credit reports for any suspicious or unauthorized activity, and immediately reporting suspicious or unauthorized activity to the authorities, including your local police department or sheriff’s office and the Idaho Attorney General’s Office.
See the latest news from around the Treasure Valley and the Gem State in our YouTube playlist: