MTA breached by hackers with reported ties to China

Photo by Dean Moses

The Metropolitan Transportation Authority was among several agencies whose systems were breached in late April by hackers believed to be linked to the Chinese government, according to a New York Times report.

The cyberattack did not cause any breach of employee or rider data, and the hackers didn’t gain access to systems controlling the train cars, according to transit officials.

“The MTA’s existing multilayered security systems worked as designed, preventing spread of the attack,” the agency’s chief technology officer Rafail Portnoy told the Times. “We continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat.”

The intrusion was revealed by an MTA document outlining the breach; it was one of a recent spate of breaches by hackers with reported ties to the Chinese government targeting federal agencies, defense contractors, and financial institutions, according to cybersecurity firm FireEye, which works with the federal government and helped identify the attack.

On two days in the second week of April, two groups of hackers — one of which was said to be working on behalf of China’s government — gained access via a weakness in Pulse Connect Secure, a connectivity tool that allows workers to remotely access their employers’ networks.

They had access until at least April 20, when the intrusion was identified and the MTA alerted the federal authorities. The hackers compromised three of the Authority’s 18 computer systems, the Times reported.

The cyber-attackers broke into systems used by New York City Transit, which runs the subway and buses, along with Long Island Rail Road and Metro-North Railroad, according to the report.

Although it isn’t clear why the hackers attacked the MTA, investigators said China might be trying to get information about how North America’s largest transit network awards contracts in an effort to get an advantage in the international rail car market. 

The breach cost the agency some $370,000, and the MTA required 3,700 employees and contractors, about 5 percent of its workforce, to change passwords as a precaution.

Portnoy said there was “no employee or customer information breached, no data loss and no changes to our vital systems,” and the Department of Homeland Security is investigating the incident.

He added: “Our response to the attack, coordinated and managed closely with State and Federal agencies, demonstrated that while an attack itself was not preventable, our cybersecurity defense systems stopped it from spreading through MTA systems.”