But the agency only recently alerted the public.
"We are vulnerable on the trains," Andrea Katz of Lower Manhattan told CBS2's John Dias on Thursday.
New Yorkers are now seeing how vulnerable the nation's largest transportation network is. For the first time, the MTA has publicly disclosed details about a cyber attack believed to have links to the Chinese government.
"That's super scary. You'd like to think it's more secure," said Matt Cooke of the Upper West Side.
The transit authority said it was alerted by federal authorities, including the FBI, on April 20 that it was among several agencies targeted in a widespread hacking campaign.
Three of the MTA's 18 systems were impacted.
But the agency's chief technology officer told CBS2 in part a, "forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems."
Neal Bridges is a cyber security expert.
"This could have led to a life and safety issue had hackers gained access to some of the mechanisms that actually control any of the core systems of MTA," Bridges said.
The close call has some commuters thinking how a subway shutdown could shut down the whole city, as many are now just starting to get back to the office.
"This is actually my first day going back into work, and I thought if there was a cyberattack and I couldn't get into office I guess I would stay home," Upper West Side resident Kevin Hungate said.
An alert was issued after a ransomware attack hit Massachusetts Steamship Authority on Wednesday, delaying ferries to Nantucket and Martha's Vineyard.
Earlier this week, there was a similar attack from a Russian-based group on meat processor JBS.
And last month, there was panic at the pump after the Colonial Pipeline Co. temporarily shut down operations, following a breach by hackers.
"It seems to be that no one can really keep their systems safe right now," Manhattan resident Jeremy Feit said.
About 5% of MTA employees and contractors were forced to change their passwords due to the attack. Agency officials said they've upgraded safety measures.
for more features.