Comptroller’s audit highlights failure to meet data security standards
TARRYTOWN- Assemblyman Tom Abinanti (D-Greenburgh/Mt. Pleasant) is asking the New York State Thruway Authority to better protect financial information it gets from E-ZPass accounts and other transactions with Thruway users.
“This looks like a hacking waiting to happen,” said Abinanti in response to a recent NYS Comptroller’s audit. “We must protect financial information that we take from our citizens who have no choice but to surrender their information if they want to drive on the Thruway.”
Abinanti’s action comes in the wake of a September 2017 NYS Comptroller’s audit highlighting weaknesses in Thruway Authority systems used to store and safeguard customer’s financial information. The audit found that the Thruway Authority’s handling of customers financial information does not meet industry standards. The audit highlighted the lack of policies and procedures related to data retention, disposal and encryption, protecting systems against malware, restricting access to cardholder data, user identification and authentication, physical access over cardholder systems, monitoring access to network resources and cardholder data, controlling storage and maintenance of all media, and security monitoring and testing (pg 9, Comptroller’s Audit).
“Today’s complex technological environment requires the Thruway Authority to use state-of-the-art techniques to shield our citizen’s information against a possible breach,” said the Westchester Assemblyman. “A breach could impact thousands who access the Thruway. I hope my efforts and those of the Comptroller will help to facilitate needed improvement.”