Most Read: Local

Dr. Gridlock
Traffic and Commuting Home  |  Discussions  |  Columns  |  Q&A  |      Twitter  |     Facebook |  phone Alerts
Posted at 09:40 AM ET, 08/17/2012

Metro site security breach could have revealed personal information

This story has been updated.

A security flaw on Metro’s Web site could have revealed personal information about people applying for jobs with the transit agency.

Metro’s jobs page had a “refer a friend” feature allowing visitors to e-mail an opening to another person. If you knew the e-mail address of someone who had applied to a Metro job in the past, you could enter it there and, eventually, access applicant profiles.

The breach was first reported on Thursday by WJLA.

Metro took down the “refer a friend” feature shortly after WJLA alerted it to the problem on Wednesday afternoon, said Metro spokeswoman Caroline Lukas.

These profiles could have included names, addresses and phone numbers, but they didn’t contain Social Security numbers or other personal information, Lukas said.

The “refer a friend” feature had been active for about two months. WJLA reported that it was able to access the information of a current Metro employee. There are 13 current Metro employees who could have had their information seen, Lukas said.

“The potential risk was small, because an individual would need to (a) know that the issue existed and (b) the personal email address of a previous applicant,” Dan Stessel, Metro’s chief spokesman, said in an e-mail.

The “refer a friend” feature won’t return to the site until PeopleSoft, the software vendor, fixes the problem, Stessel added.

If you have applied for a job at Metro, we want to hear from you. E-mail us at transportation@washpost.com with your contact information.

By  |  09:40 AM ET, 08/17/2012

Tags:  Metro

 
Read what others are saying
     

    © 2011 The Washington Post Company