Cyber Incident Victim: Kansas City Area Transportation Authority
Date: Jan 2024
Location: United States of America
Summary
A ransomware cyber-attack disrupted communications systems at the Kansas City Area Transportation Authority, impacting regional call centers and landlines while all transit services remained operational. Paratransit customers were directed to alternative phone numbers for trip scheduling, and fixed-route riders were advised to use digital platforms for real-time information. The organization engaged external cybersecurity experts and law enforcement, including the FBI, to restore functionality and investigate the incident. Recovery efforts continued around the clock with no specified timeline for resolution.
Description
On January 23, 2024, the Kansas City Area Transportation Authority (KCATA) experienced a ransomware cyber-attack that disrupted its communication systems. The attack occurred early Tuesday morning, prompting immediate engagement with law enforcement agencies including the FBI. Despite the compromise, all transportation services remained operational, including fixed-route buses and Freedom and Freedom-On-Demand paratransit services. The primary operational impact centered on communication infrastructure, with regional RideKC call centers rendered unable to receive calls and all KCATA landline phones disabled. This disruption necessitated alternative contact methods for paratransit scheduling while fixed-route customers were directed to digital platforms for schedule information. KCATA activated contingency protocols to maintain service continuity while initiating forensic investigation and recovery efforts coordinated with external cybersecurity professionals.

The attack specifically impaired customer access to telephone-based services across multiple jurisdictions. Freedom and Freedom-On-Demand paratransit users in Kansas City, Missouri, and Independence were instructed to call 816-512-5563, while Wyandotte County users contacted 913-573-8351 and Johnson County riders used 913-362-3500. Fixed-route bus customers retained access to real-time scheduling through RideKC.org and the Transit mobile application. KCATA personnel and external cybersecurity teams worked continuously to restore compromised systems, though no restoration timeline was provided. Operational priorities focused on maintaining uninterrupted transit services while containing the attack's spread and evaluating system integrity. Recovery efforts remained ongoing with coordination between technical teams and law enforcement investigators at the time of the public notification.
