Press Release  Audit Offers Steps to Address Security Vulnerabilities at MBTA Vehicle Maintenance and Storage Facilities

Boston — In an audit released today of the Massachusetts Bay Transportation Authority (MBTA), State Auditor Suzanne M. Bump pointed to deficiencies in protocols that allowed terminated and retired employees to continue to access MBTA facilities after their departure from the agency. The audit notes this leaves agency facilities vulnerable to unauthorized access, placing the security and safety of MBTA property, passengers, and employees at risk.

Bump’s audit, which examined the period January 1, 2017 through March 15, 2019, found that the MBTA was not ensuring the retrieval and deactivation of employee access cards when an employee left employment, although written policies dictated that it do so. In its response, the MBTA indicated it has implemented, or plans to implement, the audit’s recommendations.

“MBTA equipment and staff are invaluable assets to the Commonwealth and the public. Access by unauthorized persons presents a security risk that needs to be remedied,” according to Bump. “I thank the MBTA management and staff for their recognition of this deficiency and hope that this audit aids them in resolving it swiftly and effectively.”

During the audit period, the MBTA did not disable the security access of 47 employees who left the agency. In cases where the MBTA did disable the security access of terminated employees, auditors found significant lag time between employees’ termination dates and the dates their security access was disabled. Of the terminated employee files reviewed by auditors, 71 percent indicated an access ID card had not been returned to the MBTA. There were 85 instances where a former MBTA employee used their ID card to physically access an MBTA facility after their termination date. The audit also found the MBTA did not promptly disable free transportation privileges of 76 former employees, resulting in lost revenue for the Authority.

The audit released to the public is abridged because of the sensitivity of the information contained in the full audit. Consistent with government auditing standards and the Massachusetts public records law, only the MBTA will receive a full, unabridged copy of the report.

The MBTA was established in 1964 and provides services via its rapid transit system, commuter rail service, bus service, ferry routes, and transit service for people with disabilities to nearly 200 cities and towns across the Commonwealth. It operates 10 facilities that house and maintain its current fleet of buses. During the audit, the MBTA had 1,002 active buses. It performs service, inspection, and repair on its trains at 13 additional facilities.

The full audit report is available here.

###