OmniRide confirms data breach following ransomware incident

Public bus service OmniRide said a data security incident it suffered last year compromised the sensitive personal information of its customers.

 

Headquartered in Woodbridge, Virginia, OmniRide—operated by the Potomac and Rappahannock Transportation Commission—serves Northern Virginia with a range of transportation options, including local and express bus routes, vanpools, and ride-sharing services.

 

In a data security incident notice filed with the Office of the Attorney General of New Hampshire, PRTC said that on December 11, it identified a ransomware attack where threat actors infiltrated its internal network, stole confidential data and planted malware to encrypt critical systems.

 

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident. It also took steps to secure the compromised network and notified relevant law enforcement authorities about the ransomware attack.

 

“Our investigation revealed that threat actors gained access to the Commission’s

servers on or about December 11, 2024, likely through the Commission’s SonicWall SSL VPN. The threat actors were able to acquire a limited set of data from the Commission’s network before being detected,” PRTC said.

 

The compromised data included names and other personal identifiers. 

 

“We take the confidentiality, privacy, and security of information in our care seriously.  While the investigation remains ongoing, we are taking steps now to implement additional safeguards and review policies and procedures relating to data privacy and security,” the company added.

 

While PRTC found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

Although PRTC did not disclose who was responsible for the attack or the extent of the data stolen, the Fog Ransom ransomware group claimed responsibility and listed OmniRide as a victim on its data leak site. The group claimed to have stolen 7.2 GB of data, including the company’s financial records and HR documents, and threatened to publish it unless their ransom demands were fulfilled.