The Los Angeles Metro's internal systems have experienced a security incident

During the second half of March 2026, the Los Angeles Metropolitan Transportation Authority (LA Metro) detected unauthorised activity on part of its internal IT infrastructure. The incident was identified by the organisation’s security teams on 16 March, at which point response protocols were activated to contain the unauthorised access. Although the investigation continued over the following weeks, the organisation subsequently confirmed that it had been the victim of a cyberattack affecting various administrative systems. From the outset of the incident, LA Metro stated that essential rail and bus services continued to operate normally and without disruption to users.

The attack primarily affected internal systems used for administrative and management tasks. As a containment measure, LA Metro pre-emptively restricted employee access to numerous corporate systems whilst the scope of the intrusion was being analysed and the integrity of the affected servers verified. During this process, incidents were reported in some IT support services, such as information displays and certain operational management functions, although public transport continued to operate. Weeks later, a group calling itself Ababil of Minab claimed responsibility for the attack and stated that it had destroyed large volumes of data and exfiltrated information.

To date, the incident remains under review and investigation by technical teams and the relevant authorities. LA Metro reported that it was inspecting and restoring the affected systems to ensure their safety before bringing them back into operation. The organisation also stated that determining who was responsible for the attack was part of the ongoing investigation and declined to comment on the identity of those responsible whilst the investigation was ongoing.