Moovit News is a comprehensive platform providing the latest updates on urban mobility, smart cities, and transportation innovation from around the world.

How often is the news updated?

Our news content is updated hourly with the latest transportation and urban mobility developments.

What topics does Moovit News cover?

We cover urban mobility, smart cities, public transportation, transportation innovation, sustainable transport, and related urban development topics.

LA Metro Restores Systems After Cyberattack

LA Metro restricts systems after WorldLeaks ransomware group claims 159.9 GB data theft

2026-03-24, Moovit News Team

LA Metro Restricts Systems After Cyberattack

LA Metro riders faced disruptions to arrival displays and online TAP card services after the transit agency detected a cyberattack on March 20, 2026. Metro officials restricted access to internal administrative systems as a precautionary measure following the security breach. The WorldLeaks ransomware group claimed responsibility on March 21, allegedly stealing 159.9 GB of data from both Metro and City of Los Angeles systems. Rail and bus services continued operating normally despite the incident.

LA Metro train at downtown station platform with passengers waiting, showing typical daily operations during cybersecurity incident

Breach Disrupts Customer Information Systems

The cyberattack disrupted station arrival time displays across the Metro system, preventing monitors from showing real-time information for trains and buses. Customers experienced difficulties adding funds to TAP cards through the website and customer service lines, though ticket vending machines remained operational for card reloading. Metro officials said the restrictions on internal systems were implemented immediately after detecting unauthorized activity on administrative computer networks. The agency didn't specify how long the disruptions would last or when full system access would be restored.

WorldLeaks Group Targets Multiple California Systems

WorldLeaks, which emerged in 2025 after rebranding from Hunters International, focuses on data theft and extortion rather than traditional ransomware encryption. The group conducted similar attacks in the San Francisco Bay Area, prompting Foster City to declare a state of emergency due to widespread disruption of municipal services. Authorities are investigating whether sensitive rider or employee data was accessed or copied during the Metro attack. Officials haven't said what specific types of information may have been compromised in the alleged 159.9 GB data theft.

Metro Works to Restore Full System Access

Metro officials stated they're working to restore full access to internal systems following comprehensive security checks. The agency implemented the restrictions as a precautionary measure to prevent further unauthorized access while cybersecurity teams assess the breach's scope. Law enforcement is intensifying efforts to track down and disrupt the WorldLeaks cybercrime organization. Officials didn't provide a timeline for when internal systems would return to normal operations or when customer-facing services would be fully restored.

LA Metro TAP card vending machine at station, showing alternative method for riders to reload cards during system disruption

Riders Should Monitor Service Updates

Metro riders should expect continued disruptions to arrival time displays and online TAP card services until officials complete security assessments and restore full system access. Station staff can provide schedule information while digital displays remain affected. Moovit provides real-time updates and alternative route planning for LA Metro's rail and bus services during the system recovery.