The Maryland Transit Administration (MTA) experienced a cybersecurity breach resulting in unauthorized access to its IT systems, severely disrupting operations. The **Mobility paratransit service**—critical for riders with disabilities—was unable to schedule new trips or rebook existing ones, forcing eligible passengers to rely on alternative **Call-A-Ride** options. Real-time transit information, call centers, and service notifications (e.g., train arrivals/departures) were also **completely offline**, creating delays and uncertainty for commuters, including students on the first day of school. While core transit services (buses, subway, rail) remained operational, the lack of real-time updates and booking capabilities caused **operational chaos, reputational harm, and financial strain** due to reduced ridership trust and potential revenue loss from disrupted paratransit services. Third-party cybersecurity experts and law enforcement were engaged to investigate the incident’s scope and origin, indicating a **targeted attack with systemic impact** on public infrastructure.
TPRM report: https://www.rankiteo.com/company/mtamaryland
"id": "mta755082525",
"linkid": "mtamaryland",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'all MTA riders (including '
'Mobility paratransit users, '
'students, and commuters)',
'industry': 'public transportation',
'location': 'Maryland, USA',
'name': 'Maryland Transit Administration (MTA)',
'type': 'government agency'}],
'customer_advisories': 'public notification issued via MTA channels; '
'Call-A-Ride contact provided (410-664-2030)',
'date_publicly_disclosed': '2023-08-27',
'description': 'The Maryland Transit Administration (MTA) is investigating a '
'cybersecurity incident involving unauthorized access to some '
'of its systems. The incident has disrupted Mobility '
'paratransit services (no new bookings or rebookings), '
'real-time information systems, and call centers. While main '
'services (Local Bus, Metro Subway, Light Rail, MARC, '
'Mobility, Call-A-Ride, and Commuter Bus) remain operational, '
'riders are experiencing delays due to lack of notifications '
'about train arrivals/departures. MTA is working with '
'third-party cybersecurity experts and law enforcement to '
'assess the incident.',
'impact': {'brand_reputation_impact': 'potential negative impact due to '
'service disruptions',
'downtime': {'Mobility paratransit services': 'new bookings '
'suspended (duration '
'unspecified)',
'real-time notifications': 'ongoing outage'},
'operational_impact': ['disrupted trip scheduling for Mobility '
'paratransit',
'lack of real-time train/bus '
'arrival/departure notifications',
'increased travel time for riders'],
'systems_affected': ['Mobility paratransit scheduling systems',
'real-time information systems',
'call centers']},
'investigation_status': 'ongoing (assessing extent and origin of the '
'incident)',
'references': [{'date_accessed': '2023-08-27',
'source': 'MTA Public Advisory'},
{'date_accessed': '2023-08-27',
'source': "Governor Wes Moore's Office Press Release "
'(IronCircle Relocation)'}],
'response': {'communication_strategy': {'customer_guidance': 'encouraged '
'riders to allow '
'extra travel '
'time and use '
'Call-A-Ride as '
'an alternative',
'public_advisory': True},
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['cybersecurity experts']},
'stakeholder_advisories': 'riders advised to plan for delays and use '
'alternative booking methods (Call-A-Ride)',
'title': 'Cybersecurity Incident at Maryland Transit Administration (MTA)',
'type': ['unauthorized access', 'operational disruption']}