A group of Russian hackers repeatedly attempted to destroy the data and internal network at BART in an apparent ransomware attack, according to an internal BART police memo obtained on Wednesday.
The attack resulted in the disclosure of over 120,000 files related to BART’s police force operations. Among the documents, which were posted on a dark web site, were at least six unredacted reports detailing suspected child abuse, driver’s license numbers, and mental health evaluations. The files include personal information of the children and alleged abusers in some cases, according to a review from NBC News.
The hackers made “multiple sophisticated attempts” on BART’s network, the memo from BART Chief of Police Ed Alvarez said.
“Most of these attempts were unsuccessful,” Alvarez said. “Unfortunately, the attackers were able to exfiltrate less than 1% of the District’s internal business records.”
This hack did not include rider databases or financial records, according to a separate email sent to BART’s board of directors.
The hack was perpetrated by Vice Society, a notorious Russian criminal group that has targeted schools, hospitals, and public agencies around the world with ransomware attacks, according to Alvarez’s memo. Last week Brett Callow, a cybersecurity analyst at Emsisoft, said the group listed BART as the target of an attack.
“It’s often the case that other people scrape the data,” Callow said in an interview. “Once the data is posted on these sites there is no way of knowing where it will end up or what other people may do with it.”
In an initial statement on Wednesday, BART spokesperson Alicia Trost said the agency is “investigating the data that has been posted.”
“To be clear, no BART services or internal business systems have been impacted,” she said. “As with other government agencies, we are taking all necessary precautions to respond.”
A summary of the incident provided to BART board members and the media said the agency worked in consultation with state and federal law enforcement and outside cybersecurity experts after detecting the attack. A BART spokesperson declined to provide further details of the attack or to say whether there was any attempt to negotiate a ransom with the hackers.
BART said it contracted with a data forensics firm to identify personal information disclosed in the hack and notify impacted individuals.