Washington state public bus system confirms ransomware attack

A public transportation system serving parts of Washington state has confirmed that a ransomware attack two weeks ago disrupted some of its systems. 

Pierce Transit — which provides bus, van and carpool services primarily to the city of Tacoma and the surrounding Pierce County area — said the ransomware attack started on February 14 and forced the organization to put temporary workarounds in place. 

The transit system serves about 18,000 people each day.

“Third party forensic experts were engaged to conduct a thorough investigation into the nature and scope of the incident, and law enforcement has been notified. Importantly, our transit operations and rider safety were not impacted as a result of this incident,” a spokesperson told The Record. 

The LockBit ransomware group took credit for the attack and had demanded a ransom by February 28. The Pierce Transit spokesperson said the agency was aware that the deadline had passed. 

“All transportation services are operating as normal. However, temporary workarounds were put in place for certain affected administrative systems in the initial hours and days following the incident. The majority of operations have now been fully restored,” the spokesperson said.


Credit: Better Cyber

The agency is still investigating the incident and attempting to understand what sensitive data was accessed.

The organization plans to notify customers if their information was stolen and leaked by LockBit. The ransomware group claimed it stole correspondence, non-disclosure agreements, customer data, contracts and more.

Pierce Transit said it intends to put in place more security measures and additional cybersecurity monitoring tools to “reduce the likelihood of a similar issue reoccurring.”

“As our investigation continues, we are committed to keeping our community informed, as appropriate,” the spokesperson said. 

Pierce Transit becomes the latest transportation organization to suffer from a ransomware attack, with the San Francisco Bay Area Rapid Transit (BART) hit with ransomware in January, its second incident in recent years. Similar victims include the Silicon Valley-area Santa Clara Valley Transportation Authority in 2021 and the Philadelphia-area Southeastern Pennsylvania Transportation Authority in 2020.

The transit bureau for Cape Cod, Massachusetts, took weeks to recover last year after a Memorial Day weekend ransomware attack, and the Toronto Transit Commission (TTC) reported an attack in November.

New York City’s Metropolitan Transportation Authority — one of the largest transportation systems in the world — was also hacked by a group based in China. While the attack did not involve ransomware and did not cause any damage, city officials raised alarms in a report because the attackers could have reached critical systems and may have left backdoors inside the network.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.