gambit.security
Iranian Hackers Breach Los Angeles Transit System, Steal 700GB of Data
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In March 2026, Iranian hackers linked to the Ministry of Intelligence and Security (MOIS) breached the Los Angeles County Metropolitan Transportation Authority (LACMTA), stealing at least 700 gigabytes of sensitive data, including emails and backups. The attack, attributed to a group called Ababil of Minab, disrupted parts of the transit system's network, though bus and rail services continued to operate. Forensic evidence from Gambit Security confirmed the connection between the hackers and Iranian state operations, indicating that this was not an independent hacktivist group as claimed. The breach was part of a broader campaign targeting organizations in the U.S., Israel, Saudi Arabia, and Turkey, raising concerns about escalating cyber warfare amid ongoing geopolitical tensions. The LACMTA's internal systems were affected, leading to temporary disruptions in customer services, such as fare card reloading. Recovery from the attack took weeks, highlighting the severity of the incident.
Key Points: • Iranian hackers stole 700GB of data from the LACMTA in a March 2026 breach. • The attack was linked to the Iranian Ministry of Intelligence and Security, not an independent group. • The breach disrupted parts of the transit system but did not halt bus and rail services.