Cyber Incident Victim: Oahu Transit Services Inc.
Date:
Dec 2021
Location:
United States of America
Summary
A cyberattack targeting Oahu Transit Services caused widespread server outages, disrupting online operations for TheBus and TheHandi-Van systems. The incident exhibited characteristics of ransomware, though no explicit ransom demand was confirmed. While bus services maintained normal operations with minimal delays, Handi-Van reservation systems became inaccessible, requiring riders to schedule via phone with adjusted call windows. HOLO card services—including purchases, reloads, and online portals—were temporarily disabled, though officials stated user financial data appeared uncompromised as it resided on separate city servers. Law enforcement agencies including the FBI and Secret Service joined the investigation, while the transit operator isolated affected networks from external connections to contain the breach. Restoration timelines remained unclear during initial response efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 9, 2021, Oahu Transit Services (OTS), operator of Honolulu’s TheBus and TheHandi-Van systems, experienced a cyberattack that caused a mass disabling of its online servers. The incident disrupted all OTS networks, affecting operational and administrative systems. TheHandi-Van service faced immediate challenges, as staff lost access to reservation records and could not view or print scheduled pickups for the day. TheBus maintained normal operations with minimal delays, though the Pass Office at Kalihi Transit Center suspended HOLO card sales and account services due to network outages. City officials confirmed the cyberattack by midday, initiating collaboration with federal and local law enforcement agencies including the FBI, U.S. Secret Service, and Honolulu Police Department to investigate the incident. Roger Morton, Director of the Department of Transportation Services (DTS), stated the attack exhibited characteristics of ransomware but noted no explicit monetary demands had been received at that stage. Emergency protocols were activated, including disconnecting OTS systems from external networks to prevent further intrusion.
The attack significantly impacted TheHandi-Van’s reservation infrastructure, forcing OTS to implement manual scheduling via phone. Customers requiring Friday pickups were instructed to call a dedicated hotline during specific windows: rides before 9 a.m. required calls by 10 p.m. Thursday, while post-9 a.m. rides could only be scheduled starting at 5 a.m. Friday. DTS deployed additional vehicles across Oahu to accommodate demand. HOLO card services experienced partial disruptions, with online portals, call centers, and some retail partners unable to process transactions or reload funds. However, riders with physical HOLO cards were permitted to board TheBus without penalty, and cash payments remained accepted. City spokesman Travis Ota emphasized that HOLO card user data resided on separate municipal servers unaffected by the breach, with safeguards implemented to protect financial and personal information. No evidence suggested compromised rider data. OTS provided no restoration timeline for its systems, continuing reliance on contingency measures while law enforcement investigations proceeded.