NY Transit Officials Confirm Cyberattack, Say Harm Limited

June 2, 2021 Updated: June 2, 2021

NEW YORK—Hackers infiltrated computer systems for the Metropolitan Transportation Authority in New York, setting off a scramble to counter a potentially crippling cyberattack against North America’s largest transit system, MTA officials confirmed on Wednesday.

The officials said in a statement that the agency received an alert from the FBI and other federal agencies saying three of its 18 computer systems were put at risk.

The MTA insisted that it quickly shut down the attack. It said a follow-up forensic analysis also found that no sensitive information was stolen and that rail service for millions of riders each day and other operations were never compromised or disrupted.

“Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat,” said Rafail Portnoy, the MTA’s chief technology officer.

The cyberattack was first reported on Wednesday by The New York Times, citing an internal document that was not made public. It was suspected that the breach had links to China, according to the NY Times.

A statement from the MTA did not mention China. There was no immediate response to requests for comment from the Department of Homeland Security, which is investigating the case.

The MTA systems appear to have been attacked on two days in the second week of April and continued at least until April 20, the Times reported. Hackers gained to systems used by New York City Transit—which oversees the subway and buses—and also the Long Island Rail Road and Metro-North Railroad, according to the MTA document, the newspaper said.