NEW YORK (PIX11) — The MTA acknowledged that the transit agency’s systems were breached during a cyberattack in April following a report published on Wednesday by the New York Times. Rafail Portnoy—the MTA’s Chief Technology Officer—told NEWS10’s sister station in New York City that no employee or customer information was breached during the hack.
“The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cyber security firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” Portnoy said. “Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat.”
The MTA was notified by federal authorities about the cyberattack on April 20 around 8 p.m., according to officials.
According to the New York Times report, the cyberattack was carried out by hackers believed to have ties with the Chinese government. It was the third cyberattack on the MTA in recent years, transit officials told the Times.
Within the first 24 hours, the MTA implemented recommendations from federal partners on patching the impacted systems, officials said. They also noted that only three out of the MTA’s 18 computer systems were impacted.
While independent auditors did not find evidence of breached customer or employee information, the MTA forced a mandatory password change for all 3,700 users—both employees and contractors—out of an abundance of caution, officials added.
While it was reported to law enforcement at the time, the MTA did not disclose the hack to the public until now.
Word of the MTA attack came on the same day the world’s largest meat supplier said they too were victims of a cyber attack. They’re based in Brazil, but it was JBS’ American operation that was penetrated. The ransomware attack shut down all eight of its U.S. plants.
Now, there are growing concerns the disruption will lead to skyrocketing meat prices, much like gas prices shot up after Colonial Pipeline was hacked last month. The likely culprits in both cases – groups based in Russia.
“We do expect this to be one of the issues that the president will discuss with President Putin at the summit,” said Jen Psaki, White House Press Secretary. “That will be two weeks from today.”
Colonial Pipeline wound up paying a ransom upwards of $4 million. When asked if the U.S would retaliate, President Biden would only say his administration was “looking closely at that issue.”
Scott Schober is a cybersecurity expert and the author of several books, including “Hacked Again” and “Senior Cyber.” He says that, “These are cyber criminal gangs that are speaking Russian, that are working out of Russia and the government in a sense has to really take action.” He adds that the motive is more financial than political, but the Russian government can put a stop to it.
Also Wednesday, the Steamship Authority, the ferry servicing Martha’s Vineyard and Nantucket, was also hacked. As in most ransomware attacks,all it takes is one weak spot for a hacker to get in.
“All they gotta do is find one employee within an organization that they can hack into the weak password,” said Schober. “They can place the malware and they wreak havoc.”
Schober says it’s important for companies to keep security software updated, and train their employees to be cyber vigilant like using strong passwords and multi-factor authentification and beware of phishing emails.
“Phishing emails is one of the most effective ways to launch malware or ransomware attack,” said Schober. “All it takes is for one employee to open that email attachment.”
Perhaps even more concerning is when critical infrastructure is targeted such as refineries, power grids and transit systems. “They’re taking things—all of your data on your computer or networks, and they’re simply encrypting it. And when its encrypted, you can’t access it,” said Schober. “We’re paralyzed.”
JBS says their systems are coming back online. There’s no word yet on if they made any ransom payments. Experts say the rise in the number of people working from home has made it easier for hackers.
“It’s kind of opened Pandora’s Box,” said Schober. “They’re remotely connecting in, using unsecure Wifi networks, they’re not using strong passwords—companies need to properly train employees to set up security from the start so they know how to stay safe.”