Earlier this month, SEPTA, Philly’s public transportation network, experienced a malware attack that shut down real-time data for riders, as well as access to internal servers and email for SEPTA employees.
Riders and employees first started experiencing problems on Monday, Aug. 10, The Philadelphia Inquirer reported, and experienced problems for at least two weeks. The malware (aka malicious software) attack also caused SEPTA to shut down access to payroll and remote timekeeping, and SEPTA’s headquarters at 12th and Market streets didn’t have internet as of Monday.
Most noticeably felt by riders was the lack of real-time data usually available in the SEPTA mobile app, or on time boards at stations. It’s a function only rolled out by the transit authority in 2016, when SEPTA began installing cellular modems on every vehicle to track their location and status.
And if you were wondering, yes — Is SEPTA Fucked?’s Doug Muth told Technical.ly that his site was affected, too, as the API that allows for its automatic updates was down.
@iamFelishaMarie Disappointed to hear this. Unfortunately, we are still experiencing network issues which prevent us from providing tracking and real-time information. Our IT Team is working around the clock to restore operations. Our apologies for the inconvenience. ^JA
— SEPTA_SOCIAL (@SEPTA_SOCIAL) August 24, 2020
SEPTA Chief Press Officer Andrew Busch told Technical.ly that the transit authority shut down the real-time data, email and other systems on Aug. 10 to mitigate the impact of the attack. He said that his team does not yet know the specific technical details of the malware attack, or “if specific data or servers were targeted,” but the FBI has gotten involved in the investigation, as have forensic and other outside experts.
“We are taking a methodical approach to this to ensure that when systems come back, they are protected from malware attacks,” he said.
An attack like this is new territory to the transportation authority, Busch said. It’s never seen a malware attack at this scale, but last year, there was an unrelated hack of SEPTA’s online store, which sold SEPTA-related merchandise. The incident led to the permanent shutdown of the store.
Although the attack shut down much of SEPTA’s internal operations and has prevented riders from getting real-time data, Busch emphasized that the SEPTA Key system was unaffected, as it’s on a separate, air-gapped server that is operated by a third party.
“There is no impact to customer information or accounts on the SEPTA Key system,” he said.
This malware attack is another strain on the transit authority, which was already feeling the side effects of low ridership during the coronavirus pandemic and new rules surrounding social distancing and mask wearing. At least seven SEPTA employees have died because of the virus, and more than 300 employees have been recorded as contracting it, the Inquirer reported.
The attack is one of the more public and widespread cyberattacks on a City operation since last summer, when the Philadelphia Courts website detected a virus and shut down in response. It did so as a preventative measure after a virus was detected on multiple computers in the First Judicial District, and stayed down for at least a month, prompting some workarounds like checking into jury duty on Twitter and a noticeable disruption to the real estate market.
Riders saw a return of the “next-to-arrive” real-time data Monday afternoon, but there’s no definitive timeline for when all SEPTA operations will be back and fully functioning. The authority will only do so when it’s assured it’s 100% safe, Busch said.
Good News! TransitView, TrainView, Next To Arrive, & Detours are available [again] on the Official SEPTA App and via System Status on https://t.co/nEoMDgQNaJ. #ISEPTAPHILLY pic.twitter.com/mslAH5HDn0
— ISEPTAPHILLY (@SEPTAPHILLY) August 25, 2020