On December 19, 2024, Pittsburgh Regional Transit (PRT) experienced a ransomware attack targeting its communications network. This cyberattack briefly incapacitated the agency’s ability to monitor light-rail vehicles, causing significant concern about the integrity and safety of the transit system.
Impact on Operations
The immediate effect of the ransomware attack was the disruption of the communication channels used by dispatchers to track vehicles on the light-rail line. Despite this, Pittsburgh Regional Transit quickly implemented contingency measures to maintain operational services. The agency assured the public that transit services were operating normally, although there were some temporary setbacks:
- Customer Service Disruptions: The customer service center experienced difficulties processing ConnectCards for senior citizens and children, temporarily suspending this service while resolving the issue.
- Monitoring Limitations: The inability to track vehicles in real time posed a risk to service efficiency and safety.
Response and Mitigation
In response to the attack, Pittsburgh Regional Transit took several critical steps:
- Activation of Cyber Incident Response Team: PRT’s dedicated team for handling cyber incidents was promptly activated to manage the situation.
- Notification of Law Enforcement: The agency informed local and federal law enforcement agencies to aid in the investigation and help track down the perpetrators.
- Engagement of Cybersecurity Experts: Third-party cybersecurity and data forensics experts were brought in to investigate the incident, identify the ransomware variant used, and determine the extent of the breach.
Ongoing Investigation
The full scope and impact of the ransomware attack are still being assessed. Forensic analysis is underway to understand the attack’s origin, methodology, and the potential data compromised. PRT has committed to providing regular updates to the public and stakeholders as more information becomes available.
Preliminary Findings
Initial findings suggest that the ransomware attack targeted the agency’s communication infrastructure, but it is unclear if any sensitive customer data was accessed or compromised. The priority for PRT is to ensure that such an attack does not recur and to enhance its cyber defenses.
