Maryland cyber-attack disrupts bus tracking and exposes personal data

The incident, which occurred in late August, has been claimed by the Rhysida ransomware group, known for targeting public institutions worldwide

The Maryland Transit Administration (MTA) acknowledged “incident-related data loss” and said real-time tracking for some bus routes remains unavailable.

 

Rhysida claims to have stolen Social Security numbers, driver’s license details, home addresses, passports, and legal documents, demanding a ransom of 30 Bitcoin (about $3.3 million) to prevent disclosure.

 

State cybersecurity officials are working with third-party experts to assess the breach, restore services, and determine which individuals may be affected. Maryland has pledged to notify victims and provide assistance if the stolen data is verified as authentic.

 

Authorities are also urging citizens to adopt stronger security measures such as updated passwords and multi-factor authentication.

 

The attack highlights the growing risks facing state and local governments, where ransomware campaigns increasingly disrupt essential public services. Rhysida, active throughout 2025, has been linked to at least eight confirmed breaches, underscoring the vulnerability of critical infrastructure to cybercrime.