Hackers breached MTA systems in cyberattack, officials say

NEW YORK — The MTA acknowledged that the transit agency’s systems were breached during a cyberattack in April following a report published on Wednesday by the New York Times.

MTA Chief Technology Officer Rafail Portnoy told PIX11 News no employee or customer information was breached during the hack.

“The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cyber security firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” Portnoy said. “Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat.”

The MTA was notified by federal authorities about the cyberattack on April 20 around 8 p.m., according to officials.

According to the New York Times report, the cyberattack was carried out by hackers believed to have ties with the Chinese government. It was the third cyberattack on the MTA in recent years, transit officials told the Times. 

Within the first 24 hours, the MTA implemented recommendations from federal partners on patching the impacted systems, officials said. They also noted that only three out of the MTA’s 18 computer systems were impacted.

While independent auditors did not find evidence of breached customer or employee information, the MTA forced a mandatory password change for all 3,700 users — both employees and contractors — out of an abundance of caution, officials added.

While it was reported to law enforcement at the time, the MTA did not disclose the hack to the public until now.

Word of the MTA attack came on the same day the world’s largest meat supplier said they too were victims of a cyber attack. They’re based in Brazil, but it was JBS’ American operation that was penetrated. The ransomware attack shut down all eight of its U.S. plants.

Now, there are growing concerns the disruption will lead to skyrocketing meat prices, much like gas prices shot up after Colonial Pipeline was hacked last month. The likely culprits in both cases – groups based in Russia. 

“We do expect this to be one of the issues that the president will discuss with President Putin at the summit,” said Jen Psaki, White House Press Secretary. “That will be two weeks from today.”

Colonial Pipeline wound up paying a ransom upwards of 4 million dollars.

When asked if the U.S. would retaliate, President Biden would only say his administration was “looking closely at that issue.”

Scott Schober is a cybersecurity expert and the author of several books including “Hacked Again” and “Senior Cyber.”

“These are cyber criminal gangs that are speaking Russian, that are working out of Russia and the government in a sense has to really take action,” said Schober. 

He adds the motive is more financial than political, but the Russian government can put a stop to it.

Also today, the Steamship Authority, the ferry servicing Martha’s Vineyard and Nantucket, was hacked.

As in most ransomware attacks, all it takes is one weak spot for a hacker to get in.

“All they gotta do is find one employee within an organization that they can hack into the weak password,” said Schober. “They can place the malware and they wreak havoc.”

Schober says it’s important for companies to keep security software updated and to train their employees to be cyber vigilant, such as by using strong passwords and multi-factor authentication and being wary of phishing emails.

“Phishing emails is one of the most effective ways to launch malware or ransomware attack,” said Schober. “All it takes is for one employee to open that email attachment.”

Perhaps even more concerning is when critical infrastructure is targeted such as refineries, power grids and transit systems. 

“They’re taking things — all of your data on your computer or networks, and they’re simply encrypting it. And when it’s encrypted, you can’t access it,” said Schober. “We’re paralyzed.”

JBS says their systems are coming back online. There’s no word yet on if they made any ransom payments.

Experts say the rise in the number of people working from home has made it easier for hackers.

“It’s kind of opened Pandora’s Box,” said Schober. “They’re remotely connecting in, using unsecure Wi-Fi networks, they’re not using strong passwords — companies need to properly train employees to set up security from the start so they know how to stay safe.”


Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
