
Hacker Claims to Have Published St. Louis Transit Data

The hacker behind a recent cyber attack against St. Louis’ Metro Transit claims to have published the data. It is unclear what data was published or whether it included sensitive personal information.

(TNS) — An anonymous hacker group says it has published data it stole from a regional transportation agency here.

It was not immediately clear what data was published or whether it included sensitive personal information. The hackers earlier this week demanded a ransom be paid or they would release stolen information from the regional transportation system Metro Transit, including passports, Social Security numbers and tax information.

Taulby Roach, the CEO and president of Bi-State Development, which operates Metro Transit, said Thursday the agency did not pay the ransom but did not release more details about the demand.

A union that represents many of Metro Transit's 1,800 employees said no employees have reported instances of identity theft or other malicious activity stemming from the hack.

Roach said no customer data was stolen, and any impacted employees will be notified.

Employees were told of the data breach earlier this week and offered free credit monitoring through TransUnion, a credit reporting agency.

"We are unaware of any instances where sensitive employee information has been used maliciously," Roach said in a statement. "However, we encouraged employees to register as soon as possible for the free credit monitoring services and heightened vigilance by our employees for suspicious links or suspicious credit activity."

Brett Callow, an analyst with the New Zealand-based cybersecurity firm Emsisoft, shared a screenshot with the Post-Dispatch that showed files containing what the hackers claimed late Wednesday was stolen Metro data.

Callow said it's impossible to know exactly what's in the files without downloading and viewing them, which he said he wouldn't do because he sees it as an invasion of privacy.

The screenshot was published on an unregulated part of the Internet called the dark web, which hackers often use to publish ransom threats and which cybersecurity researchers track to study ransomware activity.

It appeared to show the publication of 10 files, each 500 megabytes, and a tracker noting the download link had been viewed more than 700 times.

The cyber attack began on Oct. 2, and phone and computer services for Metro's paratransit service, Call-A-Ride, were still disrupted as late as last week.

The attack type is known as ransomware because criminals hack a system, encrypt data from it, lock out the owner and then demand a ransom in order to unlock the system and delete the stolen data.

The same hacking group hit several other public agencies over the past year, including the City of Oakland and the San Bernardino Sheriff's Office in California, and government agencies in the United Kingdom and Germany, security analysts say. The San Bernardino Sheriff's Office paid the group a $1.1 million ransom.

Both Callow and Allan Liska, a Washington, D.C.-based ransomware researcher, said it is better if ransomware victims don't pay, in order to deter future attacks.

©2023 the St. Louis Post-Dispatch, Distributed by Tribune Content Agency, LLC.