The Columbus Dispatch

Sensitive info not accessed in hack

- Dean Narciso

The cyber hack that forced the Central Ohio Transit Authority (COTA) to shut down its computer network in December caused no ongoing threat to employees or customers, according to a security probe completed even as a law enforcemen­t investigat­ion continues.

Officials said Friday that while a third party hacked into one of its servers, there is no indication that “personally identifiab­le informatio­n was accessed” and that “there are no active, ongoing cyber-security threats within our systems,” said Sophia Mohr, COTA’S chief innovation and technical officer

Even so, COTA is offering its employees free monitoring for one of three credit bureaus.

When COTA learned on Dec. 12 that its systems had been hacked, officials shut down its network, removed it from the internet and hired Surefire Cyber to collect and analyze data and logs from 590 COTA operating systems.

COTA continued operating all transit services during the IT network outage. But for weeks, riders didn’t have Wi-fi access and buses couldn’t track realtime transit informatio­n or plan trips. All operations have since returned to normal.

Transit Columbus, an advocacy group, criticized COTA for not fully informing the public and lacking leadership and responsibi­lity for the hack.

Mohr, who has been in her position for 18 months, called the problem “a growing, global concern” that can be mitigated “by making sure that you have the proper monitoring in place.”

Christina Wendell, chief legal and general counsel for COTA, declined to say who or what was responsibl­e for the attack.

“There’s law enforcemen­t involved, multiple agencies,” Wendell said. “So I don’t think we want to interfere with that.”

Patrick Harris, COTA’S vice president of external affairs, had said that taking systems offline quickly protected COTA employees and customers and their personal informatio­n.

“We’re proud of how we reacted,” Harris said.

Similar attacks have happened elsewhere, including a malware attack on the Philadelph­ia area’s transit system, SEPTA, in 2020. And in January of 2020, Columbus Metropolit­an Library officials learned that personal informatio­n from W-2 tax forms of 75 library employees was mistakenly emailed in 2018 to somebody posing as library director Pat Losinski. The library system also offered credit bureau monitoring. dnarciso@dispatch.com @Deannarcid­o

?? JOSHUA A. BICKEL/COLUMBUS DISPATCH ?? A COTA bus sits parked outside the COTA Customer Experience Center in 2019 in Columbus.
JOSHUA A. BICKEL/COLUMBUS DISPATCH A COTA bus sits parked outside the COTA Customer Experience Center in 2019 in Columbus.

Newspapers in English

Newspapers from United States