Muni working to restore system after hack; confident customer, employee data is secure

vlcsnap-2016-11-28-14h42m34s251

 

SAN FRANCISCO (BCN) — San Francisco Municipal Railway fare systems are back up and running but crews are still working Monday to recover from an attack by hackers that resulted in many Muni riders getting free rides on Friday and Saturday.

The attack using ransomware software occurred Friday, when fare machines at all underground Muni stations began to display the message “You hacked, ALL data encrypted.”

The message included an email contact.

While all fare machines were back to normal by Sunday, the hackers have reportedly demanded a ransom to unencrypt affected computers and threatened to release agency data.

San Francisco Municipal Transportation Agency spokesman Paul Rose said the agency had restored around 75 percent of the affected computers as of the end of Sunday and hoped to have that to 100 percent by the end of Monday.

Rose emphasized that transit service and system safety were never compromised during the attack.

In addition, the agency has been working with the Department of Homeland Security and does not believe the hackers have access to any critical data including customer or employee personal data.

“We never even considered paying the ransom nor do we intend to do so,” Rose said.

Investigators do not think the incident was caused by a targeted hacking attack, but rather by someone within the SFMTA system unwittingly clicking on a link in an email or on a web site that downloaded the ransomware software.

The attack affected internal computer systems including email and part of the payroll system, but “never breached our firewall,” Rose said.

Muni officials are still working to calculate the full cost of the incident in terms of lost fares and repair costs, and are working with the FBI to help identify the hackers.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s