L.A. Metro Grapples with Cyberattack, Restoring Systems

Transit agency works to secure servers and bring critical services back online after unauthorized activity detected

Apr. 3, 2026 at 1:18am

Got story updates? Submit your updates here. ›

A highly detailed 3D illustration of glowing, neon-lit cybersecurity infrastructure components like servers, routers, and network cables, representing the complex digital backbone of a major public transit system. The image conveys a sense of both vulnerability and resilience in the face of a cyberattack.As transit agencies grapple with growing cybersecurity threats, the LA Metro system's ability to maintain essential services during a recent breach highlights both its technical resilience and the broader vulnerability of critical infrastructure to malicious hacking.Los Angeles Today

The Los Angeles Metro transit system shut down parts of its network last month after discovering a cybersecurity breach, and officials are still working to fully restore operations and investigate the incident. The agency has been methodically reviewing over 1,400 servers to ensure they are secure before bringing systems back online, a painstaking process that has allowed rail and bus service to continue uninterrupted.

Why it matters

Cyberattacks on critical infrastructure like public transit have become an increasing concern, with several high-profile incidents impacting government agencies and educational institutions in the Los Angeles area in recent years. The Metro breach highlights the challenges transit systems face in protecting sensitive data and operational technology from sophisticated hackers.

The details

On March 16, the LA Metro security team detected unauthorized activity on the agency's internal administrative computer systems and proactively limited employee access as a precaution. Officials say the investigation into the scope and origin of the attack is ongoing, and they do not yet know what data may have been targeted. Restoring full functionality has required individually reviewing each of the agency's 1,400 servers to verify they are secure before bringing systems back online.

  • On March 16, the LA Metro security team detected the unauthorized activity.
  • In 2024, the Los Angeles County Superior Court was hit by a ransomware attack.
  • In 2023, UCLA was the victim of a cyberattack.
  • In 2022, the Los Angeles Unified School District's network was breached, exposing student records.

The players

LA Metro

The Los Angeles County Metropolitan Transportation Authority, the public transportation system serving the Greater Los Angeles area.

Fernando Dutra

A member of the LA Metro board of directors.

Got photos? Submit your photos here. ›

What they’re saying

“When you think in terms of how big we are — we're a beast. And so before we can turn the water spigot back on, we have to go through and check each one of these servers to make sure it's clean. So that's the reason it's taking a little bit longer.”

— Fernando Dutra, LA Metro Board Member

“What is amazing [to] us [is] that we were able to maintain all of our bus and train services throughout this entire process.”

— Fernando Dutra, LA Metro Board Member

What’s next

Officials continue to investigate the source and scope of the cyberattack, and are working to fully restore all LA Metro systems while ensuring robust security measures are in place.

The takeaway

The LA Metro breach underscores the growing threat of sophisticated cyberattacks targeting critical infrastructure, and the challenges transit agencies face in protecting sensitive data and operational technology. The agency's ability to maintain essential services during the incident highlights the resilience of its systems, but also raises concerns about the broader vulnerability of public services to malicious hacking.