In a coordinated statement issued today, the Maryland Transit Administration (MTA) and the Maryland Department of Information Technology (DoIT) confirmed that they are investigating a cybersecurity breach that has resulted in unauthorized access to critical systems.
As dedicated teams work to contain the threat, the Maryland Department of Emergency Management (MDEM) has activated the Statewide Emergency Operations Center (SEOC) to coordinate response efforts across agencies.
Upon detecting anomalous activity within its network, MTA’s cybersecurity unit initiated a multi-phase incident response protocol.
First, forensic analysts isolated affected segments to prevent further lateral movement. Concurrently, DoIT’s security operations center deployed endpoint detection and response tools to identify indicators of compromise.
Traffic logs are under review to trace the intruder’s entry vector, while compromised accounts have been disabled and forced password resets issued across the environment.
Third-party digital forensics experts and federal law enforcement partners have been engaged to augment the investigative team and validate remediation efforts.
Service Operations and Passenger Impact
Despite the breach, core transit services—including Local Bus, Metro Subway, Light Rail, MARC commuter rail, Mobility, and Commuter Bus—remain fully operational.
However, Mobility paratransit platforms are unable to schedule new trips or rebook existing reservations until secure scheduling systems are restored.
Real-time vehicle tracking and rider information feeds have experienced intermittent outages, and call center operations are degraded. MTA has implemented manual backup processes to keep essential services running:
- Previously scheduled Mobility trips for the current week will be honored under existing itineraries.
- The alternative Call-A-Ride program is available at phone (410) 664-2030.
- In urgent medical situations, riders are instructed to contact healthcare providers or emergency services directly.
Ongoing Investigation
MTA and DoIT emphasize that the investigation remains active. Teams are conducting log aggregation and intrusion analysis to determine the scope of data exposure and potential service disruptions.
Initial assessments indicate that no payment or personally identifiable information has been compromised, though forensic confirmation is pending.
In collaboration with MDEM’s SEOC, cybersecurity leaders are executing a comprehensive risk assessment, patching identified vulnerabilities, and hardening system configurations.
Enhanced network segmentation and multi-factor authentication rollouts are in progress to bolster defenses against future attacks.
Moving forward, Maryland Department of Transportation (MDOT/MTA) will provide frequent public updates as new findings emerge.
The department reiterates its priority to safeguard the integrity of transit operations and protect the welfare of both customers and employees during this critical response phase.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
 and the Maryland Department of Information Technology (DoIT).){kind=link}