Cyberattackers got information on 69 employees, former employees and job applicants at Pittsburgh Regional Transit

Last month’s ransomware attack on Pittsburgh Regional Transit’s computer system compromised Social Security numbers and driver’s license numbers for at least 69 employees, former employees and job applicants.

The investigation is ongoing into the Dec. 19 attack, but spokesman Adam Brandolph said there is no indication at this time that hackers got any financial information about riders, many of whom pay for transit products through their bank accounts or credit cards. Brandolph said he “can’t answer” whether the agency paid a ransom to stop the attack and it doesn’t know whether the attack is over.

The agency posted a notice on its website about the attack Tuesday, notified those whose information it knows was compromised and said it will provide a year of free credit reports to all employees so they can monitor whether someone has stolen their information and is trying to use it. State and federal authorities are investigating the incident.

As a result of the attack, PRT has taken steps to enhance its security by changing all employee passwords, limiting who has access to its system and increasing the ways it monitors computer operations.

The agency said it knew Dec. 27 that some personal information had been compromised in the attack. Brandolph said PRT waited to notify employees because the investigation was ongoing and the agency’s cybersecurity consultant wanted to identify exactly what information was exposed and secure the network to prevent more attacks.

Brandolph couldn’t provide any information on how much the agency has spent investigating the incident and making changes to improve cybersecurity.

The agency noticed a problem with its computer system about 4:30 a.m. Dec. 19, when computers at the agency’s rail control center lost the ability to show where trains were located on the tracks. As it investigated that incident, the agency discovered someone from outside the agency had used ransomware to enter the computer system.

All transit services are running normally, Brandolph said.

“The privacy and security of the information we maintain is very important to us, and we remain committed to doing everything we can to maintain the confidentiality of such information,” CEO Katharine Eagan Kelleman said in a news release. “Our team is working tirelessly to restore systems securely and strengthen our defenses.”