Cyber Incident Victim: Metro Transit
Date: Oct 2023
Location: United States of America
Summary
A cyber attack targeted Metro Transit, prompting an immediate system freeze to protect critical information and deny further access. The breach was contained, allowing transit services to continue operating safely: MetroLink and MetroBus were unaffected, while Metro Call-A-Ride resumed limited operations, restricted to life-critical medical appointments, because recovery of its scheduling software was still ongoing. IT teams worked extensively to restore systems, including reservation platforms and phone lines, with partial Call-A-Ride service restored later in the day. Customers were advised to use alternative communication methods during the disruption, and the organization prioritized resolving remaining service impacts.
Description
On October 2, 2023, Metro Transit, operating under Bi-State Development, experienced a cyber attack that forced the organization to freeze all systems to prevent further unauthorized access. The attack was detected on Monday, prompting immediate containment measures to deny access to critical information and protect operational infrastructure. By the morning of October 3, Metro Transit confirmed the breach was contained, allowing transit services to continue safely. MetroLink and MetroBus maintained regular operations throughout the incident, though Metro Call-A-Ride faced significant disruptions. Call-A-Ride service partially resumed at 12:30 p.m. on October 3 for trips reserved from that time through the end of the service day, with full service restoration anticipated for October 4. The organization’s IT teams worked overnight to restore systems, prioritizing the protection of critical data while gradually reactivating the reservation platform and phone lines.

Metro Transit’s recovery efforts focused on restoring Call-A-Ride scheduling software, which remained partially inoperable on October 3, limiting service to life-critical medical appointments such as pre-scheduled dialysis treatments. Phone systems, email, and the full Call-A-Ride scheduling functionality were still undergoing restoration, with updates promised upon resolution. Transit Information services remained accessible via text messaging at 314-207-9786 for MetroBus and MetroLink customers. The disruption caused Metro Transit to publicly request patience as IT teams addressed the attack’s aftermath, emphasizing their priority to safeguard systems while minimizing service interruptions. No data theft or specific attacker details were disclosed in initial updates, with the organization concentrating on operational recovery and communication of service adjustments.
