The group claims to have stolen data including Social Security numbers, driver’s license details, home addresses, passport data and other legal documents from Maryland residents. According to The Daily Dark Web, Rhysida demanded 30 Bitcoin in exchange for the information. As of Friday morning, 30 Bitcoin had a dollar value of about $3.3 million.
“The Maryland Transit Administrationcan confirm incident-related data loss at this point in our investigation,” said Veronica Battisti, the agency’s senior director for communications and marketing. “At this time, we are unable to disclose specific or additional details regarding what data has been lost because of the sensitivity of the ongoing investigation.”
Battisti added that if the investigation finds personal information has been taken, “the affected individuals will be notified by the state in accordance with state law and we will take appropriate actions and provide guidance on recommended actions.”
She said the Maryland Department of Information Technology is working with third-party cyber experts to determine the cause of the cyber attack. Real-time bus tracking remains unavailable for some routes.
“Our efforts are focused on restoring all affected services as quickly and securely as possible while ensuring the integrity and protection of all data,” Battisti said.
Verification of the ransomware group’s claims was reportedly posted online this week. The Daily Dark Web reported that the group posted photos of some of the stolen material, along with a message reading, “Open your eyes and be ready to buy exclusive data.”
Based on data from the U.S. Cybersecurity and Infrastructure Security Agency, so far in 2025 Rhysida has claimed eight confirmed ransomware attacks and made another 45 unconfirmed attack claims.
MTA USERS OFFERED SUGGESTIONS
In response, the Maryland Department of Information Technology has released security recommendations for MTA system users and MDOT employees:
- Recognize phishing attempts by being cautious when clicking links or sharing personal information. Phishing emails may appear to come from trusted organizations like banks or government agencies.
- Update passwords by creating long, complex credentials for both personal and work accounts.
- Enable multi-factor authentication to add an extra layer of protection to accounts.
- Keep software updated across all devices to ensure access to the latest security features and patches.
More information will be released as it becomes available. MTA users with questions can call 1-800-332-6347. MDOT employees are advised to contact their IT departments for assistance.
©2025 Baltimore Sun, Distributed by Tribune Content Agency, LLC.
