On the evening of May 7, Metro experienced a cyberattack that temporarily took down its main website, WMATA.com. The issue was first noticed when a tweet at 7:51 p.m. indicated that the site was down. It soon became evident that Metro was under a denial-of-service (DoS) attack, designed to flood the network with excessive traffic and disrupt its functionality. The website was fully restored after about two hours, and Metro confirmed that no customer or employee data was compromised during the incident. Additionally, essential services like the SmarTrip app and mobile transactions remained unaffected.
Steve McKeon, a cybersecurity expert, explained that the objective of such attacks is to overwhelm the network, making it impossible to operate. He likened it to overloading a hose with more water than it can handle. McKeon emphasized that hackers aim to extract as much value as possible by exploring the network for valuable information. Despite the attack, he reassured that riders’ SmarTrip accounts and personal information should be secure.
Metro frequently deals with cyberattacks, but McKeon advised that this incident should prompt a thorough review of Metro’s IT systems to ensure no further vulnerabilities. Metro has notified the Transportation Security Administration (TSA), which, along with the Federal Transit Administration and Cybersecurity and Infrastructure Security Agency, is now aware of the cyberattack. The TSA has a vested interest in the cybersecurity of both surface and air transportation, underscoring the importance of robust defenses against such incidents.
