A data breach at Metro Mobility, the Twin Cities transit service for people with disabilities, may have exposed the personal information of up to 15,000 individuals who use it.
Metro Mobility has notified customers that an employee's e-mail account was hacked by an unauthorized person, compromising personal ride information between June 13 and Aug. 14, when the breach was discovered. The hacker may have accessed individual rider names, pickup and drop-off addresses, times of rides and special instructions for Metro Mobility drivers.
Social Security numbers and personal financial data were not compromised, according to a notice sent to customers.
Officials at the Metropolitan Council, which oversees Metro Mobility, said they have launched an internal investigation and will produce a report into how the breach occurred. The agency has also reported the breach to the St. Paul Police Department.
"We don't know whether the person viewed your information or took your information from the employee's account," according to a notice to customers on Aug. 23. "As soon as we discovered the unauthorized access, we secured the e-mail account."
Metro Mobility is an invaluable service for many people with both physical and developmental disabilities who need to get around the Twin Cities.
The public service provides shared rides in small buses equipped with wheelchair lifts to up to 62,000 people who are certified as unable to use light rail or buses because of a disability or health condition. Many of its customers have no other means of transportation and rely on the service to get to work, school, shopping and other destinations.
The breach at Metro Mobility is the latest in a string of recent cyberattacks involving public agencies serving vulnerable Minnesotans, as hackers become increasingly deft and sophisticated at stealing private data.
