LA Metro Restricts Network Access Following Discovery of Unauthorized Activity
Learn More
The Los Angeles County Metropolitan Transportation Authority (LA Metro) reported a data breach on March 20, 2026. The incident disrupted internal operations, LA Metro stated that bus and rail services remained operational throughout the event.
The World Leaks ransomware group listed the City of Los Angeles as a victim on its darknet leak site. They did not specifically name LA Metro in their initial post. The group published samples of police interview records related to a 2020 fatal shooting involving the Los Angeles Police Department as proof of the breach.
The compromised data allegedly includes:
- internal files and databases
- Police interview transcripts and records
- 779 individual files of varying sensitivity
The threat actors claim to have stolen approximately 160 gigabytes of data. The number of affected individuals is not disclosed.
LA Metro initiated its safety protocols to isolate affected systems and prevent the further spread of the unauthorized activity. The agency is currently in the process of restoring system access for its staff and investigating the full scope of the intrusion with the help of technical experts.
