LA Metro Restricts Access to Internal Systems After Breach

Station arrival times disrupted as transit agency investigates unauthorized activity

Mar. 20, 2026 at 5:33am

Got story updates? Submit your updates here. ›

Los Angeles Metro has restricted access to its internal administrative computer systems after detecting unauthorized activity, leading to disruptions in station arrival time displays. While rail and bus services remain unaffected, customers may experience issues adding funds to TAP cards online or through customer service. Metro is working to restore full access following security checks.

Why it matters

This cybersecurity incident at one of the nation's largest public transit systems raises concerns about the vulnerability of critical infrastructure to digital attacks, which could disrupt essential services and public transportation for millions of riders.

The details

Metro said the unauthorized activity was detected on its internal administrative computer systems, prompting the agency to limit access as a precaution. This resulted in station monitors not displaying arrival times for trains and buses. Customers were advised to use ticket vending machines to add funds to TAP cards, as the website and customer service lines experienced issues.

  • The incident was first announced by Metro on March 20, 2026.

The players

Los Angeles Metro

The public transportation system serving the Greater Los Angeles area, one of the largest in the United States.

Got photos? Submit your photos here. ›

What’s next

Metro stated it is working to restore full access to its internal systems following a series of security checks to investigate and address the unauthorized activity.

The takeaway

This cybersecurity breach at a major transit agency underscores the importance of robust cybersecurity measures to protect critical infrastructure and public services from disruption, as well as the need for ongoing vigilance against evolving digital threats.