Date:

Aug 2020

Location:

United States of America

Summary

The Southeastern Pennsylvania Transportation Authority experienced a malware attack disrupting its operational systems, including real-time travel information services, employee email access, and payroll functions. The agency temporarily suspended digital platforms to contain the incident, engaging the FBI and external cybersecurity experts for investigation and recovery efforts. While customer payment data remained uncompromised, riders faced prolonged inconvenience due to unavailable real-time scheduling tools, relying on printed materials for travel planning. Service operations continued unaffected, though the attack coincided with a period of increasing ridership following pandemic-related declines. This incident followed a prior cybersecurity breach involving online ticket sales.

Description

The Southeastern Pennsylvania Transportation Authority (SEPTA) experienced a malware attack affecting its servers in early August 2020, with technical disruptions first detected over the weekend preceding August 10. By Monday morning, August 10, SEPTA confirmed the attack had compromised its ability to provide real-time travel information to customers through digital platforms. The authority responded by disabling critical systems to contain the incident, including the "Next-to-Arrive" feature on its mobile app, employee email access, payroll systems, and remote timekeeping tools. SEPTA engaged the FBI and external information technology experts to assist with the investigation and recovery efforts. Chief Information Officer Bill Zebrowski stated that SEPTA Key card systems—used for fare payments—remained uncompromised, though he noted other unspecified organizations were also affected by the same malware campaign.

The attack disrupted passenger access to real-time vehicle arrival predictions, causing widespread frustration as riders relied on SEPTA’s social media channels for updates. Customers reported difficulties planning commutes throughout Monday and Tuesday, with no immediate timeline for service restoration. SEPTA advised passengers to consult printed schedules or station personnel for assistance. At the time of the incident, ridership was recovering from pandemic lows, with transit lines operating at 30–35% of pre-COVID levels and Regional Rail at 10–15%. The malware did not impact actual transit operations or safety systems. SEPTA emphasized ongoing around-the-clock restoration work but cautioned that systems would only be reactivated after ensuring stability. This incident followed a 2019 cyber theft event that forced SEPTA to close its online ticket store after customer payment data was compromised. Officials publicly apologized for the inconvenience and requested patience from riders and business partners during recovery.
