Iranian Hackers Breach Los Angeles Transit System, Steal 700GB of Data

Iranian Hackers Breach Los Angeles Transit System, Steal 700GB of Data

First seen 26 May 2026, 16:10 UTC WionewsTechcrunchCybersecuritydiveIranintlNbcnews+20 89% similarity 77.1

Article Content

Browse articles
ThreatCluster

In March 2026, Iranian hackers linked to the Ministry of Intelligence and Security (MOIS) breached the Los Angeles County Metropolitan Transportation Authority (LACMTA), stealing at least 700 gigabytes of sensitive data, including emails and backups. The attack, attributed to a group called Ababil of Minab, disrupted parts of the transit system's network, though bus and rail services continued to operate. Forensic evidence from Gambit Security confirmed the connection between the hackers and Iranian state operations, indicating that this was not an independent hacktivist group as claimed. The breach was part of a broader campaign targeting organizations in the U.S., Israel, Saudi Arabia, and Turkey, raising concerns about escalating cyber warfare amid ongoing geopolitical tensions. The LACMTA's internal systems were affected, leading to temporary disruptions in customer services, such as fare card reloading. Recovery from the attack took weeks, highlighting the severity of the incident.

Key Points: • Iranian hackers stole 700GB of data from the LACMTA in a March 2026 breach. • The attack was linked to the Iranian Ministry of Intelligence and Security, not an independent group. • The breach disrupted parts of the transit system but did not halt bus and rail services.

ThreatCluster AI

Timeline

2026-03-16
LACMTA breach detected
Unauthorized activity led to the discovery of a breach affecting internal systems and customer services.
abc7.com
2026-04-02
Ababil of Minab claims responsibility
The group claimed to have wiped data from LACMTA's systems, asserting their role in the cyberattack.
Firstpost
2026-05-26
Gambit Security reports on breach
Gambit Security released a report linking the breach to Iranian state-backed hackers, confirming the scale of the data theft.
Nbcnews
2026-05-27
Ongoing recovery efforts
LACMTA continues to work on restoring full access to its systems following the breach, which took weeks to address.
Ground.News

Community

Browse all →