On December 23, 2024, Pittsburgh Regional Transit (PRT) disclosed it was contending with a ransomware attack, discovered initially on December 19. This breach notably disrupted transit services across the Pittsburgh metropolitan area, which PRT serves by operating a diverse array of transportation options, including buses, light rail, and incline services.

Service Disruptions

Rail services experienced interruptions on December 19, though normal operations have since resumed. Some customer services, such as the processing of Senior and Kid’s ConnectCards, remain affected.

Response Measures

Upon detection of the attack, PRT mobilized its Cyber Incident Response Team, informed law enforcement, and engaged leading cybersecurity experts to assist in the investigation.

Potential Data Breach

The investigation aims to determine if any sensitive information was compromised. No specific ransomware group has claimed responsibility, and details about the perpetrators remain unknown.

Broader Context

Similar incidents have impacted other transit authorities across the United States. The Kansas City Area Transportation Authority experienced a ransomware event in January 2023. Earlier, in December 2020, Metro Vancouver's TransLink services were disrupted by Egregor ransomware. Notably, in April 2021, a China-linked threat actor exploited a zero-day vulnerability to breach New York City's Metropolitan Transportation Authority network. PRT's ongoing efforts aim to restore full services and secure its systems against future threats. The situation underscores the persistent vulnerabilities facing public transportation infrastructure. For updates, follow cybersecurity developments on social media platforms.

The link has been copied!