The Metropolitan Transportation Authority, which operates New York City’s subway and bus systems, confirmed to Fox News on Wednesday that at least three of its 18 systems were hacked in April.
The MTA is critical infrastructure in a city that serves as a national and world financial center, among other roles New York plays in the economy.
The cyberattack is the newest revelation concerning a series of high-profile hacks spanning the country’s oil and food transportation industries. In early May, Colonial Pipeline was attacked by Russia-linked actors. JBS, the world’s largest beef producer, was targeted this week, and on Wednesday, the Massachusetts Steamboat Authority, which provides ferry service to Martha’s Vineyard and Nantucket, confirmed it was also the victim of a recent cyberattack.
MTA Chief Technology Officer Rafail Portnoy told Fox News on Wednesday that no information belonging to employees or customers was obtained and that there was "no data loss" as a result of the cyberattack.
"The MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack, and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat," Portnoy said.
MTA officials said the breach happened at around 8 p.m. on April 20. It said the Cybersecurity and Infrastructure Security Agency, National Security Agency, and FBI informed MTA of the breach. By the next morning, MTA said it had implemented the necessary security patches, recommended by CISA, to resolve the vulnerability.
MTA, which serves 15.3 million across the nation’s largest city, said it requested that IBM and FireEye, a leading cybersecurity firm, to conduct a security audit, which, as of Wednesday, has ‘found no evidence of account compromise, no employee information breached, no data loss or changes to our vital systems."
"The impact to customers, employees and contractors is zero," MTA officials said.