The Maryland Transit Administration (MTA) suffered a cyberattack targeting systems supporting **Mobility**, a specialized transit service for disabled individuals who cannot access standard bus stops. The attack disrupted real-time information systems, call centers, and the ability to schedule new trips or rebook existing ones—though previously booked rides remained operational. The incident forced reliance on the **Call-A-Ride** program as an alternative. While core transit services (buses, subways, light rail) were unaffected, the breach impacted critical operational tools, prompting involvement from third-party cybersecurity experts, law enforcement, and the state’s **Department of Emergency Management**. No group claimed responsibility, but the attack aligns with a rising trend of cyber disruptions targeting municipal disability services across U.S. cities, often causing prolonged service outages and requiring emergency workarounds. The incident underscores vulnerabilities in public infrastructure supporting vulnerable populations, with potential cascading effects on trust in government-run transit systems.
Source: https://therecord.media/maryland-cyberattack-transit-disabled-people
TPRM report: https://www.rankiteo.com/company/mtamaryland
"id": "mta450082825",
"linkid": "mtamaryland",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'Disabled residents relying on '
'Mobility services',
'industry': 'transportation',
'location': 'Maryland, USA',
'name': 'Maryland Transit Administration (MTA)',
'type': 'government agency'},
{'industry': 'emergency services',
'location': 'Maryland, USA',
'name': 'Maryland Department of Emergency Management',
'type': 'government agency'},
{'industry': 'IT services',
'location': 'Maryland, USA',
'name': 'Maryland Department of Information Technology',
'type': 'government agency'}],
'customer_advisories': 'Public notifications issued via MTA website and '
'social media channels.',
'date_detected': '2023-12-10T00:00:00Z',
'date_publicly_disclosed': '2023-12-10T00:00:00Z',
'description': 'Several state departments in Maryland are dealing with a '
'cyberattack affecting systems used to organize transportation '
'for disabled people. The Maryland Transit Administration '
'(MTA) reported unauthorized access to some systems, impacting '
'real-time information systems and tools for the specialized '
'transit service called Mobility. While core transportation '
'services (bus lines, subways, light rail) remain unaffected, '
'Mobility services—used by individuals who cannot access '
'regular transit—are unable to schedule new trips or rebook '
'existing ones. The MTA is collaborating with third-party '
'cybersecurity experts and law enforcement to assess and '
'mitigate the incident. Previously scheduled Mobility trips '
'will proceed, but new rides must use the Call-A-Ride program. '
'The state’s Department of Emergency Management has activated '
'a statewide emergency operations center to coordinate the '
'response.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'service disruptions for vulnerable '
'populations.',
'downtime': {'end': None,
'services_affected': ['new trip scheduling',
'trip rebooking',
'real-time transit information'],
'start': '2023-12-10T00:00:00Z'},
'operational_impact': 'Disruption to Mobility services for '
'disabled residents; reliance on Call-A-Ride '
'as an alternative. Statewide emergency '
'operations center activated.',
'systems_affected': ['real-time information systems',
'Mobility service scheduling tools',
'call centers']},
'investigation_status': 'Ongoing; scope and impact being assessed with '
'third-party cybersecurity experts and law '
'enforcement.',
'references': [{'date_accessed': '2023-12-11T00:00:00Z',
'source': 'MTA Social Media and Website Announcement'},
{'date_accessed': '2023-12-11T00:00:00Z',
'source': 'News Report on Maryland Cyberattack'}],
'response': {'communication_strategy': 'Public warnings issued via social '
'media and MTA website; advisories for '
'affected users to use Call-A-Ride.',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': 'Statewide emergency operations center '
'activated; Call-A-Ride program offered as '
'an alternative for new trips.',
'third_party_assistance': ['cybersecurity experts']},
'stakeholder_advisories': 'Users advised to use Call-A-Ride for new trips; '
'previously scheduled Mobility trips will proceed '
'as planned.',
'title': 'Cyberattack on Maryland Transit Administration (MTA) Disrupts '
'Mobility Services for Disabled Residents',
'type': ['cyberattack', 'unauthorized access']}