Hackers say they’ve published data stolen from St. Louis’ Metro Transit

ST. LOUIS — An anonymous hacker group says it has published data it stole from a regional transportation agency here.

It was not immediately clear what data was published or whether it included sensitive personal information. The hackers earlier this week demanded a ransom be paid or they would release stolen information from the regional transportation system Metro Transit, including passports, Social Security numbers and tax information.

Taulby Roach, the CEO and president of Bi-State Development, which operates Metro Transit, said Thursday the agency did not pay the ransom but did not release more details about the demand.

A union that represents many of Metro Transit’s 1,800 employees said no employees have reported instances of identity theft or other malicious activity stemming from the hack.

Roach said no customer data was stolen, and any impacted employees will be notified.

Employees were told of the data breach earlier this week and offered free credit monitoring through TransUnion, a credit reporting agency.

“We are unaware of any instances where sensitive employee information has been used maliciously,” Roach said in a statement. “However, we encouraged employees to register as soon as possible for the free credit monitoring services and heightened vigilance by our employees for suspicious links or suspicious credit activity.

Brett Callow, an analyst with the New Zealand-based cybersecurity firm Emsisoft, shared a screenshot with the Post-Dispatch that showed files containing what the hackers claimed late Wednesday was stolen Metro data.

Callow said it’s impossible to know exactly what’s in the files without downloading and viewing them, which he said he wouldn’t do because he sees it as an invasion of privacy.

The screenshot was published on an unregulated part of the internet called the dark web, which hackers often use to publish ransom threats and…