MTA Says Hackers Breached Its Systems In April But No Threat Was Posed To Public

NEW YORK (CBSNewYork) - The MTA was breached by hackers in April, officials said.

The New York Times is reporting hackers with suspected ties to the China government penetrated the MTA's computer systems.

As CBS2's Ali Bauman reports, the MTA says the breach had zero impact on customers and a forensic audit found no evidence any accounts or compromised or any employee information was breached, but the hack has exposed vulnerabilities in our nation's largest transportation network.

The transit authority says it was alerted by federal authorities, including the FBI, on April 20 that the MTA was among several agencies targeted in a widespread hacking campaign.

"It's suspected that this intrusion was result of what's known as a 'zero day,' which is a vulnerability that has yet to be patched either from the software developer or the manufacturer. This is something that is is highly unusual to see in the hacker space," said Neal Bridges, chief content officer for INE. "There are no known patches for these vulnerabilities. And as a result, using this vulnerability, kind of tips the hand of the attacker."

Three of the MTA's 18 systems were impacted.

"This could have led to a life-and-safety issue had hackers gained access to some of the mechanisms that actually control any of the core systems of MTA," Bridges said.

According to a New York Times report of MTA documents, one week after the agency learned of the attack, officials raised concerns that hackers could have entered the operational systems which control train cars, or could penetrate the MTA computer systems through a back door.

"I don't want to release any more details beyond what the MTA already has," said Gov. Andrew Cuomo.

"The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cyber security firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems. Importantly, the MTA's existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat," said MTA Chief Technology Officer Rafail Portnoy.

Bauman asked riders if they were concerned.

"Them being able to hack into our system, it makes us scared to ride the subway every day," commuter Priti Saha said.

"It's always a concern, but at the same time, it's New York, you gotta keep going and do what you have to do, or else they win," said commuter Ken Alaimo.

"I don't think that the transit system will be the last target for hackers," commuter Joshua Brown said.

Wednesday, a ransomware attack hit Massachusetts' Steamship Authority, delaying ferries to Nantucket and Martha's Vineyard.

Earlier this week, a similar attack on meat processor JBS crippled the company and could have a ripple effect on grocery store prices. CBS News has learned the suspect is a Russian-based group.

This all comes after hackers hit Colonial Pipeline in May, forcing it to temporarily shut down operations, which led to panic buying at the pump.

"These cyber-attacks represent a military weapon that is being used by our adversaries to try to weaken the United States," Leon Panetta said.

Meanwhile, the MTA says it implemented the federally recommended fixes and is adding more layers of protection to its system.

"The biggest takeaway that we will see ... is the need for more cybersecurity focus on our critical infrastructure," Bridges said.

The MTA also told CBS2 about 5% of employees and contractors were forced to change their passwords and switch to different VPNs.

Read more
f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.