Philadelphia transit system recovering from apparent cyberattack

The incident, which began Aug. 10, caused riders to lose access to real-time train and bus updates for nearly two weeks.

The Southeastern Pennsylvania Transportation Authority is recovering from a reported cyberattack that resulted in the Philadelphia-area transit agency shutting down its real-time bus and rail information for two weeks, exasperating customers returning to the service’s lines after a pandemic-induced slump.

The incident, which was reported Aug. 10, involved an unnamed form of malware that infected SEPTA’s networks, including systems that advise riders when the next train or bus is arriving. While the authority advised its riders to consult printed schedules or station personnel, the loss of live updates prompted numerous Philadelphia residents, unable to look up that information on their phones using the authority’s TransitView tool, to take their complaints to SEPTA’s social media accounts.

The agency also said at the time that the attack did not expose any customer data connected to its automated fare cards.

Like most transit agencies, SEPTA saw its ridership plummet earlier this year as the COVID-19 crisis kept Philadelphia-area residents cooped up at home. But it’s been slowly picking up again since July, with city buses at about 30-35% of their normal capacity.


Real-time train and bus information was finally restored Monday, SEPTA said, but the Philadelphia Inquirer reported the effects of the reported cyberattack run much deeper at the agency. According to the Inquirer, the attack also caused SEPTA employees to lose access to their email accounts, phone directories and multiple file servers, with little indication of when those systems might be restored.

“Morale is really, really low,” one SEPTA employee told the paper.

The FBI and third-party vendors are investigating the SEPTA cyberattack, but the incident earlier this month is not the first time hackers have targeted the agency. Last year, it shut down its online merchandise and ticket store after hackers using a Magecart-style attack stole personal and financial data from hundreds of customers.

And while this month’s incident has not been formally named as a ransomware attack, transit agencies, like other public-sector entities, are vulnerable to viruses that lock up critical systems and threaten to steal or publish sensitive data. The San Francisco Municipal Transportation Agency suffered a ransomware attack in 2016. More recently, the transit authority in Fort Worth, Texas, was targeted by hackers using the NetWalker ransomware, who threatened to publish internal data if they were not paid off.
