[BreachExchange] Cyberattack at RIPTA disrupts some operations, rider payments

[Sophia Kingsbury]

https://www.wpri.com/target-12/cyberattack-at-ripta-disrupts-some-operations-rider-payments/

The R.I. Public Transit Authority confirmed Tuesday cybercriminals have
hacked the public transit system, shutting down some operations and
disrupting passengers’ ability to pay for rides.

State officials said the cyberattack happened last week and RIPTA has since
been working to restore some operations, including disrupted phone lines
and email access, but that transit services have continued uninterrupted.

It wasn’t immediately clear what type of information was compromised as a
result of the cyberattack, but RIPTA CEO Scott Avedisian said the
quasi-public agency’s primary system that stores employee files and most
operations hasn’t been affected. His office also emphasized that the agency
doesn’t keep any passenger financial information in-house, “so that
information should remain secure.”

“There are specifics that we cannot discuss at the moment, but we want the
public to know that our buses are fully operational and we want to thank
the public for their patience,” Avedisian said in a statement. “We are
methodically working to determine which systems were impacted by the
disruption.”

Target 12 first reached out about the hack on Monday, but a spokesperson
said the inquiry wasn’t received because phone systems and emails have been
down.

So far, state officials said the biggest impact has been on passengers who
use the agency’s Wave smart fare payment system, which allows riders to use
a rechargeable card or phone to pay fares.

The payment system has not been working properly since the cyberattack
happened last week, officials said, but passengers should not expect to
lose any prepaid products or balances in their accounts.

RIPTA drivers have been instructed to allow on board any passengers with
Wave mobile apps, “even if they are not functioning.” Some phone lines and
email access at RIPTA’s offices still had not been restored as of Tuesday
night.

Cyberattacks have been happening more frequently in recent years, as
cybercriminals have found repeated success in attacking public, private and
nonprofit IT systems. Oftentimes, the criminals will use so-called
ransomware to hold sensitive information hostage unless paid money.

It wasn’t immediately clear whether RIPTA had paid any money as result of
the cyberattack.

“We are working as quickly as possible with our own IT Department and
professional consultants to restore all of our systems in a safe manner,”
Avedisian said. “We understand that it’s been a frustrating couple of days
for people who have not been able to reach us, and we apologize for any
inconvenience.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210811/5b0ff0f2/attachment.html>