Hackers with suspected China ties breached MTA servers in April

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

Hackers with possible ties to the Chinese government breached three of the MTA’s computer systems earlier this year, transit officials said Wednesday.

The breach occurred on two separate days in the second week of April and continued unchecked until being discovered on April 20, officials said. Hackers did not access systems related to train operations, safety or customer or employee information, the MTA said.

The authority “quickly and aggressively responded to this attack,” MTA Chief Technology Officer Rafail Portnoy said in a statement. An outside audit “found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” Portnoy said.

“The MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat,” he added.

To gain access, the hackers took advantage of vulnerabilities in the remote work tool Pulse Connect Secure to breach three systems used by the MTA’s city transit and commuter rail divisions, according to the New York Times, which first reported the breach.

The hackers reportedly left “web shells” to maintain backdoor access to the MTA’s system, the Times said — and also took steps to erase evidence of their intervention.

MTA officials said the federal Cybersecurity and Infrastructure Security Agency ordered “fixes and patches” that were made within 24 hours of the breach’s discovery. Addressing the breach cost the MTA an estimated $370,000, the Times said.

The MTA has 18 total computer systems. About 5 percent of the MTA’s workforce were instructed to change their passwords as a result of April’s breach, officials said.

The attack is one of several this year that cybersecurity experts suspect are backed by the Chinese government, either directly or indirectly, the Times said.

Dozens of government agencies, contractors and financial institutions were hit by the wave of attacks, which were uncovered in late April.

With Post wires