SEVT Data Breach Exposes Sensitive Personal Info

What Happened?

On December 7, 2023, Southeast Vermont Transit (SEVT) detected unusual activity on their network. This prompted an immediate response where SEVT disconnected all access to the network and engaged a third-party cybersecurity firm to assist with securing the environment and conducting a comprehensive forensic investigation. The investigation, which concluded on January 25, 2024, revealed that certain SEVT files had been accessed by an unauthorized actor. This breach led to a thorough review of the affected systems to determine the specific individuals and types of information that may have been compromised.

Information Compromised

The unauthorized access potentially involved sensitive personal information including:

• Names
• Driver license information
• Direct deposit details
• Pick-up and drop-off locations
• Accessibility issues for transit purposes
• Medicaid Insurance Numbers
• Social Security numbers on hardship applications

Steps Taken by SEVT

Following the discovery of the breach, SEVT took immediate steps to secure their systems and mitigate any potential damage. These steps included:

• Disconnecting all access to the network
• Changing administrative credentials
• Restoring operations in a secure mode
• Implementing enhanced security tools
• Continuing efforts to mitigate the risk of future incidents

In addition, SEVT is offering affected individuals access to Single Bureau Credit Monitoring, Single Bureau Credit Report, and Single Bureau Credit Score services at no charge for 12 months. These services are provided by Cyberscout through Identity Force, a TransUnion company specializing in fraud assistance and remediation services. To enroll in these services, visit Identity Force and follow the provided instructions.

What You Can Do

If you believe you might have been affected by this breach, it is crucial to remain vigilant and monitor your financial accounts and credit reports for any suspicious activity. Here are some steps you can take:

• Obtain a free copy of your credit report from Annual Credit Report.
• Consider placing a fraud alert on your credit files, which makes it harder for identity thieves to open accounts in your name. Contact one of the major credit bureaus to request this service:
• Experian
• TransUnion
• Equifax

• Place a security freeze on your credit reports to prevent new credit from being opened in your name without your explicit permission. This can be done for free by contacting the credit bureaus.

For More Information

If you have any questions or need further assistance regarding this incident, SEVT has provided a help line available for 90 days from the date of the notice. You can contact them at 1-833-919-9343, Monday through Friday, from 8:00 a.m. to 8:00 p.m. Eastern Time, excluding holidays.

For more details, you can view the full notice on the Massachusetts Attorney General's website.