The Sacramento Regional Transit (SacRT) public transportation agency was forced to shut down its website due to a security breach that took place on Saturday, November 18.

The shutdown happened after an unknown hacker had breached its server and defaced the agency's portal with a message that read:

I'm sorry to modify the home page,i'm good hacker,i I just want to help you fix these vulnerability
This is one of the loopholes, modify the home page is to let you know there are loopholes, Not just this one loophole!
It's Very Dangerous!!please contact me as soon as possible
Please contact me email to help you fix these vulnerability:)
nesddjerfn@protonmail.com

SacRT defaced homepage

The hacker also tried to extort the company for 1 Bitcoin, worth $7,000 over the weekend. When the extortion attempt failed, the hacker deleted around 30% of the files it found on SacRT's server.

Sacramento public transport not affected in any way

According to Sacramento local press [1, 2, 3], SacRT's public transit operations were not affected by the incident, and the agency continued to operate through the downtime. Employees reverted back to using pen and paper to manage daily operations.

SacRT said it was working to restore the deleted files from backup and was expected to restore its site and adjacent systems by Tuesday. At the time of writing, the agency's website is still down.

One year ago, in November 2016, the San Francisco Municipal Railway public transportation system was hit with the HDDCryptor (Mamba) ransomware. Because the ransomware affected the San Francisco agency ticketing systems, locals were permitted to ride trains for free for a few hours.

Related Articles:

Dell Systems Hacked to Steal Customer Information

First GDPR Sanction in Germany Fines Flirty Chat Platform EUR 20,000

Hacker Say They Compromised ProtonMail. ProtonMail Says It's BS.

Infowars Store Affected by Magecart Credit Card Stealing Hack

Pentagon Data Breach Exposes up to 30,000 Travel Records