In the note, DOT said it was working to notify affected individuals whose personally identifiable information may have been compromised as a result of the breach and to help mitigate potential risks.

It said: “The data breach impacts individuals that are enrolled in the US Department of Transportation’s (DOT) transit benefit program (TRANServe).  TRANServe manages the transit benefit program for DOT and other federal agencies.  The breach occurred within the system that supports TRANServe.”

TRANServe is a commuting benefits system that reimburses staff across the federal government for certain transportation costs.

According to the email, information compromised as a result of the breach may include details such as the name of TRANServe transit benefit recipients, their agency, work email address, work phone number, work address, home address, SmarTrip card number, and/or TRANServe Card number.    

Details of the breach were first obtained on Friday by Reuters, which reported that the breach is expected to affect 114,000 current federal employees and 123,000 former federal employees.

According to the TRANServe program website, the TRANServe Parking and Transit Benefit System (PTBS) is currently down due to unscheduled maintenance.

The Transportation Department notified Congress Friday in an email obtained by Reuters that its initial investigation of the data breach has “isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing.”

In a statement to FedScoop, the Department of Transportation said: “The Office of the Chief Information Officer (OCIO) at DOT is continuing to investigate a data breach affecting the Department. The preliminary investigation has isolated the breach to certain administrative systems at the Department used for functions such as employee transit benefits processing.

The agency added: “It did not affect any transportation safety systems. With the support of other federal agencies, including CISA, the OCIO is addressing the breach and has suspended access to relevant systems while we further investigate the issue, and secure and restore the systems.”

The Transportation Department will make credit monitoring available to all current and former employees affected by the breach. The Office of Personnel Management will also offer to monitor the financial statements of those affected.

The maximum TRANServe benefit allowance is $280 per month for federal employee mass transit commuting cost.

Ben Freed contributed to this report.

Editor’s note, 5/16/23: This story was updated to include comment from the Department of Transportation.

The post Transportation Dept. cyber breach exposes data of federal employees appeared first on FedScoop.

Under terms of the task order, Booz Allen will provide support for the VA’s benefits integration initiative, which is focused on reusing and expanding technologies used with the veteran benefits management system.

The contract award is the latest stage in a long-running attempt by the VA to modernize its benefits system, after lawmakers in 2017 passed legislation codifying systems improvement. The legislation requires an update to the way veterans can receive tuition and other benefits for higher education.

In March this year, VA announced it would build a new “Digital GI Bill” platform to increase communication between veterans, schools and the government. It awarded the contract to start building it to Accenture Federal Services.

The latest initiative is intended to increase the efficiency of technology systems within the Veterans Benefits Administration and the National Cemetery Administration.

VA issued the task order as part of its transformation twenty-one total technology contract (T4NG), which is used to procure IT services.

The task order comes after Booz Allen earlier this month announced that it would acquire federal IT consultancy firm Liberty, for $725 million.

The post Department of Veterans Affairs picks Booz Allen for $1.1B benefits processing contract appeared first on FedScoop.

Commercial credit agencies have traditionally helped the government verify identities by asking personal questions from credit files, but the 2017 Equifax data breach has officials rethinking that process.

My Social Security uses knowledge-based verification before people can access their benefit status, replace Social Security or Medicare cards, or request services. But data stolen in the Equifax breach could be used to answer My Social Security’s personal questions.

Agencies could instead compare pictures of photo IDs submitted by mobile phone to documents on file, but not all people have a smartphone, according to a Government Accountability Office report released Friday.

In 2017, NIST effectively barred agencies from using knowledge-based verification for sensitive applications, but GAO said the guidance was insufficient in ensuring they adopted alternatives.

Agencies have argued alternatives present cost, convenience, technological, and equity barriers.

Of six agencies reviewed, only the General Services Administration and the IRS had eliminated knowledge-based verification for Login.gov and Get Transcript services.

GAO found the Department of Veterans Affairs still uses such questions for certain people, while SSA and the U.S. Postal Service indicated they want to reduce use but don’t have any plans to do so.

The Centers for Medicare and Medicaid Services have no plans to switch to alternatives.

“[U]ntil these agencies take steps to eliminate their use of knowledge-based verification, the individuals they serve will remain at increased risk of identity fraud,” reads the report.

GAO wants NIST to provide additional direction on how to successfully implement other methods like in-person identity proofing or verification of mobile device possession using carrier records. The new guidance should broach the advantages and disadvantages of different technologies and make recommendations, according to the report.

NIST officials had no plans for additional guidance at the time of review, GAO said, but the Department of Commerce agreed with the recommendations on NIST’s behalf — as did SSA, USPS and VA. The Department of Health and Human Services disagreed on CMS’s behalf arguing alternatives aren’t feasible for its clients like those using HealthCare.gov.

“The alternatives to knowledge-based verification proposed by GAO in their report are not suitable for certain populations served by CMS as they would create undue burden, create barriers to accessing federal services, or may be cost prohibitive,” HHS said in its comments. “For example, in-person for rural populations is not viable due to travel distance.”

HHS added it would continue to monitor for “potential effective” alternatives.

The Office of Management and Budget did not comment on GAO’s recommendation it require agencies to report their progress on identity-proofing processes outlined by NIST.

The post Report: Benefits agencies, lacking guidance, slow to abandon traditional identity verification appeared first on FedScoop.

Chairman Mike Enzi, R-Wyo., sent a letter to VA Secretary Robert Wilkie on Friday in which he demands answers to questions on how much money the VA has spent to fix the IT issue and when the problem will, finally, be solved.

“What is the current status of the IT upgrades?” Enzi demands, in question number three of seven. “Will these systems be upgraded in time for the spring semester? If not, when does the VA expect to fully implement these changes? How much does the VA estimate it will need to spend to complete its IT upgrade?”

Members of the House Veterans’ Affairs Committee tried to get answers to similar questions in a hearing on Thursday and were met with reticence from VA leadership.

“What I would challenge all of us to do … is to come up with specific deliverables so that every person in attendance and watching and the press who are writing about this leave with a very crystal clear understanding of when this will be fixed, how it will be fixed and the mechanisms by which we can hold one another accountable,” ranking member Rep. Beto O’Rourke, D-Texas, said in his opening remarks.

“You will not leave this meeting with a date [for completion of the system],” Paul R. Lawrence, undersecretary for benefits at the Veterans Benefit Administration, said in reply.

Reported IT “issues” arose from the Harry W. Colmery Veterans Educational Assistance Act, or Forever GI Bill, which was signed into law by President Donald Trump in August 2017. Two sections of the law, which extends or expands many benefits, change the way the VA pays a monthly housing stipend. Previously the stipend was based on the ZIP code where the veteran lived — now it’s based on the ZIP code where he or she goes to school.

This change required that the VA build a new piece of software, but development and deployment hasn’t exactly gone smoothly.

Enzi also requests a detailed breakdown of all the money that’s been spent to address the issue, specifics on the contract that VA has with Booz Allen Hamilton for development of the new software system, a description of the agency’s strategy for communicating with affected veterans and more. The letter sets a Nov. 30 due date for any agency response.

“Our veterans deserve better,” Enzi writes.

The post Senate Budget Committee also has some questions about those VA software issues appeared first on FedScoop.

Over the past 22 months, the VA has moved towards a more efficient, electronic process from its traditional paper-restricted operation. That has resulted in the removal of more than 7.8 million paper files from 60 locations, resulting in faster, more accurate claims decisions for veterans, according to a press release.

“Improving the delivery of benefits and services to Veterans is central to our mission,” VA Secretary Robert Wilkie said in the release. “This significant effort will not only improve VA’s claims process, it will also lead to quicker decisions for Veterans because millions more records will be available electronically.”

In 2013, the VA started its switch over to a digital environment by removing paper records from its regional offices and expanded the efforts in 2016 by launching the File Bank Extraction initiative — an approach that removed more than 1.7 million paper claims files from 59 VA locations, according to the release.

The VA continued its efforts in 2017 by converting nearly 6.1 million paper records held within the Records Control Division of the Records Management Center in St. Louis into digital records. According to the press release, these paper records are temporarily being stored in a secure facility certified by the National Archives and Records Administration where “they are inventoried, prioritized and sent to multiple VA vendors for rapid scanning into VA’s Veterans Benefits Management System (VBMS).”

The post VA modernizes benefits process, digitizing more than 7 million files appeared first on FedScoop.