The agency in charge of public bus service in the Treasure Valley said it has begun notifying the more than 500 people who may be affected.
BOISE, Idaho — A ransomware attack against Valley Regional Transit in October may have compromised personal information of 535 of the transit agency’s employees, contractors and customers.
VRT, which operates public transit in Ada and Canyon counties, said Friday that upon learning of the attack, the agency immediately began working with cybersecurity experts to investigate and help VRT contain the threat and secure its systems. VRT also said it has begun notifying the people whose information may have been subject to unauthorized access.
VRT on Friday said the following about what the investigation revealed as well as the response:
- Cybercriminals had accessed VRT’s computer network and removed some data before deploying the ransomware in October 2021.
- The affected data may have included individuals’ names, addresses, birthdates, and Social Security or driver’s license numbers.
- VRT is offering credit-monitoring services at no cost to people whose driver’s license or Social Security numbers were involved.
- The breach did not interrupt payroll processes or transportation services.
- VRT notified the Federal Bureau of Investigation and the Transportation Security Administration of this incident and has been providing regular updates to Idaho regulators.
VRT said it did not have sufficient contact information to provide written notice to a small number of affected individuals. The agency is asking people with any questions, and wanting to determine if their information was involved in the breach, to call the following number: 208-258-2777. Hours are 8 a.m. to 4 p.m. MT, Monday through Friday.
“We are committed to protecting the security of our systems as well as personal information about our employees, vendors and customers,” said Kelli Badesheim, Valley Regional Transit’s executive director. “VRT wants to make sure an…