light rail train
Image: kaffeeeinstein via Wikimedia Commons (CC BY-SA 2.0)

Pittsburgh Regional Transit attributes recent service disruptions to ransomware attack

A recent ransomware attack is causing significant disruptions to public transportation in the Pittsburgh area.

Pittsburgh Regional Transit (PRT) said on Monday that it is “actively responding to a ransomware attack that was first detected on Thursday, December 19.” Law enforcement is involved in the response and an investigation has kicked off alongside cybersecurity experts. 

“While rail service experienced temporary disruptions on Thursday morning, transit services are currently operating as normal,” the agency said

“However, some other rider services remain negatively impacted, including PRT’s Customer Service Center, which is temporarily unable to accept or process Senior and Kid’s ConnectCards.”

IT officials at PRT are still examining whether data was stolen and pledged to provide public updates as the investigation evolves.  

The agency declined to answer questions about what group was behind the attack and when full service would be restored. 

Local news outlets reported last week that trains were delayed by more than 20 minutes due to the ransomware attack. 

PRT has an annual ridership of nearly 40 million and the agency services more than 700 buses, 80 light rail vehicles and more for Pittsburgh and Allegheny County. It is the second largest public transit agency in the state.

The disruption to public transportation and theft of customer data is a key reason ransomware gangs continue to target the government agencies in charge of the industry. 

One of the most disruptive incidents took place ahead of the Labor Day holiday when ransomware attackers shut down the technology at the Port of Seattle, which includes the airport and seaport.

The airport was forced to organize baggage claim by hand and manually update flight terminal information on dry-erase boards. 

Over the last five years, New York City’s Metropolitan Transportation Authority, San Francisco’s BART, London’s transportation agency, Toronto’s Transit Commission, the Santa Clarita Valley Transportation Authority and the Southeastern Pennsylvania Transportation Authority have all faced significant cyberattacks. 

Regional transportation agencies in Washington State, Massachusetts, Virginia, Kansas and Missouri have been similarly attacked, disrupting transit services used daily by thousands of people who rely on buses, boats and trains to travel.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.