A feature on the New York City Metropolitan Transportation Authority’s website allowing passengers to check their travel history is under fire for posing a potential privacy risk.
Joseph Cox, an investigative reporter at 404 Media, found that MTC’s new payment system containing the feature only requires credit card information, with no additional verification steps — making it prone to abuse.
That means nefarious actors can enter the card, if they have it, and look at a traveler’s movements. All the MTA would have needed to do to fix this issue was add a password or PIN option.
“Obviously this is a great fit for abusers who live with their victims or have physical access, however brief, to their wallets,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. “Credit card info is not a … unique identifier.”
When asked about the possible concerns, MTA spokesman Eugene Resnick assured the outlet that the authority was “committed to maintaining customer privacy.”
“The trip history feature gives customers a way to check their paid and free trip history for the last 7 days without having to create an OMNY account,” Resnick stated. “We’re always looking to improve on privacy and will consider input from safety experts as we evaluate possible further improvements.”
The MTA has since said it will disable the system until further notice.
It is not the first time that the Big Apple’s subway operators have been slammed for alleged privacy issues.
The Surveillance Technology Oversight criticized the MTA in a 2019 report for gathering data that corporations could monetize upon and law enforcement could use to “target ethnic and religious minorities.”
Luca Cacciatore ✉
Luca Cacciatore, a Newsmax general assignment writer, is based in Arlington, Virginia, reporting on news and politics.
© 2023 Newsmax. All rights reserved.
