Israeli researchers say Iran behind Los Angeles transit system attack

Israeli cybersecurity firm Gambit Security identified Iranian hackers as the perpetrators behind a March data breach affecting the Los Angeles County Metropolitan Transportation Authority (LACMTA). The attack resulted in the theft of approximately 700 gigabytes of sensitive data, including emails, backups, and other files, after the stolen information was inadvertently exposed online. The breach was confirmed on March 16, with LACMTA officials acknowledging operational disruptions, though train and bus services continued without interruption. Affected systems included arrival screens and consumer transactions, though core transit functions remained operational. Gambit Security linked the attack to a group aligned with Tehran, following claims of responsibility by Ababil of Minab, an obscure pro-Iran hacking collective. The group later posted a video online, allegedly depicting their incursion into LACMTA’s network. While the breach did not halt transit operations, it highlighted vulnerabilities in critical infrastructure systems. Reuters reported the findings based on statements from LACMTA and cybersecurity experts, with the incident raising concerns about state-sponsored cyber threats targeting U.S. public services. The attack follows a pattern of Iranian-linked cyber operations, including previous disruptions in sectors like healthcare and finance. This incident underscores the growing risks posed by foreign actors exploiting digital weaknesses in essential urban services.