Moovit News is a comprehensive platform providing the latest updates on urban mobility, smart cities, and transportation innovation from around the world.

How often is the news updated?

Our news content is updated hourly with the latest transportation and urban mobility developments.

What topics does Moovit News cover?

We cover urban mobility, smart cities, public transportation, transportation innovation, sustainable transport, and related urban development topics.

LA Metro Responds to Ransomware Attack

LA Metro shuts internal systems after ransomware attack disrupts station displays

2026-03-25, Moovit News Team

LA Metro Shuts Systems After Ransomware Attack

Los Angeles Metro riders faced disrupted station arrival displays after a ransomware attack forced the transit agency to shut down internal systems. The WorldLeaks cybercrime group targeted Metro as part of a broader attack on the City of Los Angeles, claiming to have stolen 159.9 GB of data. Officials said the agency limited access to internal systems to contain the breach, though train and bus service continued operating.

Los Angeles Metro station platform with arrival display board showing train information, passengers waiting on platform

Context & Background

The Metro attack is part of a wave of ransomware incidents hitting California municipalities in recent weeks. Foster City and other San Francisco Bay Area cities were also targeted, leading to emergency declarations as municipal services were widely disrupted. WorldLeaks emerged in 2025 after rebranding from Hunters International, specializing in stealing company data and threatening public leaks to pressure victims into paying ransoms. Transit agencies have become increasingly attractive targets for cybercriminals due to their critical infrastructure status and the potential for widespread service disruption.

Key Details

The attack forced Metro to shut down and limit access to internal systems, disrupting station arrival displays that riders rely on for real-time train information. Authorities are investigating whether sensitive data was accessed or copied during the incident, though officials haven't said what types of information may have been compromised. The cybercrime organization claims to have stolen 159.9 GB of data from the City of Los Angeles, though the specific contents of that data haven't been disclosed. Core emergency response systems in affected municipalities remained operational despite the widespread disruptions.

Los Angeles Metro control room with computer monitors and transit system displays, cybersecurity operations center

Timeline & Implementation

Law enforcement agencies are working with cybersecurity experts to restore operations and track down the WorldLeaks group, though officials haven't provided a timeline for when full system access will be restored. The transit agency hasn't said when station arrival displays will return to normal operation or how long internal system limitations will remain in place. Authorities continue investigating the scope of the breach and whether additional systems were compromised.

Rider Impact & Moovit

Riders should expect continued disruptions to station information displays until Metro fully restores internal systems. Officials haven't said whether fare payment systems or other rider-facing services were affected by the attack. The incident highlights the vulnerability of transit infrastructure to cyberattacks and the potential for service disruptions even when trains and buses continue running. Moovit provides real-time updates and trip planning for Los Angeles Metro routes, helping riders navigate service changes and system disruptions.