The Maryland Transit Administration (MTA) has been hit by a serious cyber attack. A ransomware group known as Rhysida has claimed responsibility for the breach.
Hackers Claim Responsibility for MTA Breach
The incident, which took place in late August, has caused major concerns about the safety of sensitive personal data.
The hackers say they have stolen a wide range of documents from MTA systems. These include names, dates of birth, driver’s licenses, Social Security numbers, and even passport scans. To back up their claims, the group has published images of these stolen records on its leak site.
The demand from Rhysida is steep. They are asking for 30 bitcoin, which equals about US$3.4 million. The group has given the MTA a seven-day deadline to pay the ransom. If the ransom is not paid, the attackers have threatened to release the stolen data publicly.
The Maryland Transit Administration is part of the state’s Department of Transportation. It runs buses, trains, light rail, subways, taxis, and a paratransit service called MobilityLink. This paratransit system was one of the first to be disrupted by the cyber attack. For some time, real-time bus tracking has also been unavailable for certain routes.
Extent of Data Loss Still Unclear
Officials have confirmed that data loss has occurred, but they have not shared details about what kind of information was taken. They explained that the investigation is still ongoing and more details will be shared if personal data exposure is confirmed. If individuals are found to be affected, the state will notify them directly in line with state law.
The hackers’ proof pack, however, suggests that highly sensitive records have been stolen. Screenshots released by Rhysida include scans of a Social Security card, a driver’s license, a passport, a live scan form, and financial documents. This type of information could put victims at risk of identity theft and fraud.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
Rhysida is not new to such activities. The group has carried out several large-scale attacks on government agencies and healthcare institutions. Earlier this year, it demanded $3.4 million from a hospital in Chicago and $5.8 million from the Port of Seattle. In both cases, the ransom was not paid.
So far in 2025, Rhysida has taken credit for at least eight confirmed ransomware attacks and dozens of unconfirmed ones. The group’s average ransom demand is around $1.1 million, but in high-profile cases, it has gone much higher. In total, Rhysida has claimed responsibility for over 90 attacks since it began operating, putting millions of records at risk worldwide.
Cybersecurity Alerts and Safety Steps for Users
In response to the breach, Maryland’s Department of Information Technology has issued safety guidance to both state employees and MTA system users. They are urging everyone to be cautious of phishing attempts. These often arrive as fake emails, texts, or websites that try to trick people into revealing personal or financial details. Such messages may look official but can be harmful if clicked or replied to.
People are advised not to click on unknown links or enter sensitive data into unverified websites. Checking the sender’s email address before acting is one of the simplest but most effective steps to avoid scams.
Officials have also advised changing passwords immediately. Strong and unique passwords should be used for both work and personal accounts. A password manager can help users keep track of complex passwords without having to remember them all. Enabling multi-factor authentication is another important step, as it adds an extra layer of protection against hackers.
Cyber Attack on National Tanker Company Disrupts Iranian Merchant Ship Communications
In addition, keeping devices updated is crucial. Regular software updates fix known bugs and security weaknesses, making it harder for cyber criminals to break in. Without these updates, attackers can exploit old vulnerabilities to gain access to systems.
Cybersecurity researchers tracking government-related ransomware cases have noted a rise in such attacks this year. Dozens of local and state agencies across the U.S. have already been hit, causing disruptions to services and exposing citizens to possible risks. In August alone, more than ten government entities were attacked by different ransomware groups.
For Maryland, the investigation is still underway, and officials continue to monitor the full extent of the breach. In the meantime, they are focusing on restoring disrupted services while also warning citizens to remain alert for any suspicious activity linked to the stolen data.
