Cyberattack targeted MTA; riders not affected

U.S. authorities in April discovered a cyberattack that had targeted a number of public organizations, including the MTA — the agency that runs subways, buses, commuter railroads, and toll bridges and tunnels in the New York City area. 

The MTA got an alert of the breach on April 20, 2021, at 8 p.m. and by the next morning had patched three systems that had been impacted, MTA officials said. 

"The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cyber security firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems," MTA Chief Technology Officer Rafail Portnoy said in a statement. "Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat."

MTA officials said the breach didn't impact customers, employees, or contractors. The agency made about 3,700 employees and contractors change their passwords as a precaution.

The New York Times reported that the hackers are believed to have links to the Chinese government. The group didn't demand a ransom from the MTA. Instead, the breach is likely part of a larger attack on several government agencies and financial companies around the world.

Cybersecurity expert Eric Cole, the author of Cyber Crisis, said this latest breach shows that the U.S. is "being attacked from every single angle."

"Everything we can tell, this is actually espionage focused, where they're trying to get information about how the systems work and how they operate to give themselves a competitive advantage," Cole told FOX 5 NY. "You have to be really careful about with Chinese-based attacks... they usually do a smokescreen. So they'll do something visible, then throw you off course. And then there's actually a deeper attack under the surface."

The MTA has 18 separate systems; only three were affected by the cyberattack, officials said. The "multi-layered security system prevented unauthorized access" to its other internal systems, which means that its "security approach worked," MTA officials said.

The attacks are happening much more frequently, according to Alex Yampolskiy, the founder and CEO of the cybersecurity rating firm SecurityScorecard. "Every fourth company is getting breached."

He added that several recent breaches — including the ransomware attacks on the fuel transporter Colonial Pipeline and the meat-processing company JBS and now this MTA breach — all have one thing in common: digital thieves exploited vulnerabilities due to employees working remotely.

"There's a proliferation of a lot of devices, everything has been digitized, and the pandemic only accelerated the digital shift and as a result, the networks became much more complex," Yampolskiy said. "And so that made it much harder to protect them and defend them."

Get breaking news alerts in the FOX 5 NY News app. Download for FREE!

R179 subway cars operating on the J line.

R179 subway cars operating on the J line. (Courtesy of MTA New York City Transit)