Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover

Iranian hackers compromise LACMTA network

Iranian hackers breached the LACMTA system, revealing weeks of operational compromise. The attack, first noted in March, allowed unauthorized access to transit payment databases and control systems. Recovery took approximately 14 days before service resumed at Wilshire/Fairfax station on May 8.

Iranian Hackers Target LACMTA Systems

Security researchers confirm the breach was orchestrated by groups operating under Iranian auspices. The incident centered on LACMTA’s core infrastructure, exposing passenger records and real‑time schedule data to malicious actors. Initial forensic indicators pointed to a sophisticated intrusion that exploited legacy authentication protocols.

• Exploitation of outdated login mechanisms
• Access logs showing unusual routing patterns
• No prior breach reports in public advisories

Gambit Security asserts its assessment is grounded in forensic evidence and activity attributed to Iran’s Ministry of Intelligence and State Security (MOIS). Investigators also observed parallel campaigns against firms in Israel, Saudi Arabia, and Turkey.

If Gambit’s claims hold weight, this incident is part of a broader pattern in which Iranian hackers exploit critical infrastructure to advance geopolitical objectives. As cyber‑warfare evolves, the LACMTA breach underscores the need for coordinated defense across public transit and national security domains.