Skip to main content
News

BART cybersecurity under review after 120,000 sensitive files leaked

A police officer stands guard near the gates to enter the BART train system.
A BART Police office stands guard at the Powell BART Station entrance in San Francisco. | Amy Osborne/San Francisco Chronicle via Getty Images | Source: Amy Osborne/San Francisco Chronicle via Getty Images

Ransomware hackers released last week a collection of 120,000 BART Police Department files on the dark web, including case documents related to child abuse. 

Brett Callow, a cybersecurity analyst at Emsisoft, shared information on social media showing that BART appeared to be the latest victim of the prolific ransomware hacker group Vice Society, which is known for attacking government institutions, from schools to fire departments, across the world.

The collection includes at least six reports detailing suspected child abuse. According to a report from NBC News, the children’s personal information, and, in some cases, that of their alleged abusers, was included.

In a memo to the transit agency’s governing board, BART officials shared information about the incident.

Analysis of the breach found that none of the information included rider databases or financial records, according to the memo.

The files, which represent less than 1% of BART’s internal records, were taken from BART Police Department servers managed by the transit agency’s Office of the Chief Information Officer.

BART is taking action to respond to the breach.

“In consultation with State and Federal law enforcement, as well as with outside cybersecurity experts, the district has implemented specific steps to safeguard against future unauthorized access,” the memo states.

BART has hired a data forensics firm to compile a full list of all sensitive information in the collection and help it comply with privacy protection rules. The firm will also advise on services to protect sensitive data.

Federal authorities issued a joint cybersecurity advisory in September that singled out Vice Society for targeting schools that do not have resources to combat such breaches. In 2019, the FBI issued an alert to the public warning of high-impact ransomware targeting businesses and organizations.

BART Board President Janice Li told The Standard that the agency has been managing the breach for weeks. Employees identified it, tracked it, locked down agency data and worked with the FBI.

Li emphasized that train controls are secure, and said the agency is in a better position than many other public organizations, such as schools.

“Your BART ride is safe,” Li said. “Nothing about this threat will affect the safety of our BART passengers.”

BART General Manager Robert Powers will give a brief update during the agency’s Thursday board meeting.

Alex Mullaney can be reached at amullaney@sfstandard.com