What Pittsburgh Regional Transit last week thought was a computer glitch that affected rail service has turned out to be a ransomware attack on the transit service.

The agency announced Monday that it launched an investigation as soon as it discovered the attack and “activated its Cyber Incident Response Team, notified law enforcement, and engaged nationally recognized third-party cybersecurity and data forensics experts,” it said in a news release.

In an interview, spokesman Adam Brandolph said the agency is limited in what it can say about the incident due to the ongoing investigation, but at this point the agency doesn’t believe personal rider information has been compromised.

“We don’t know if any information has been compromised,” Brandolph said. “That is still under investigation.”

The agency’s transit services are operating normally, Brandolph said, and customers are able to use services that add money to their ConnectCard or give them up-to-date information on the location of transit vehicles. Internally, employees in the customer service office can’t work remotely, and problems reported to the center have to be written by hand rather than being entered into the computer system.

At this point, Brandolph said, the agency is not recommending that riders stop entering personal information into the agency’s system.

“For the average rider – the vast majority of our riders – they can go about their normal use of the system,” Brandolph said.

The attack is still an active investigation. As a result, Brandolph said he couldn’t comment on whether the attack has been stopped or whether whoever hacked into the system is trying to get money or anything else from the agency to stop the attack.

“I’m sorry we can’t comment on that at this point,” Brandolph said. “We’re trying to be as transparent as possible.

“There are appropriate steps that need to be taken, and we are in the middle of doing that. We are hoping to get through it as quickly as possible.”

The incident began about 4:30 a.m. Thursday when computers at the agency’s rail control center lost the ability to show where rail cars were located. Fortunately, that was before service started, and the problem was cleared by about 7 a.m.

Staff investigating that incident discovered the system had been attacked and started the investigation.

Brandolph said the agency thought it had a strong security system to protect its computer operations, but someone still hacked in.

“We’re taking the appropriate steps so that any and all information is as protected as possible,” he said. “Because of the nature of the situation, there are certain aspects of the situation that we can’t comment on. We’re hopeful that changes in the next few days or few weeks so we can be more forthcoming.”

Ed Blazina

Ed covers transportation at the Pittsburgh Post-Gazette, but he's currently on strike. Email him at eblazina@unionprogress.com.

Ed Blazina

Ed covers transportation at the Pittsburgh Post-Gazette, but he's currently on strike. Email him at eblazina@unionprogress.com.