IT Curves, a Maryland transit software vendor, was the subject of a claimed cyberattack after a scheduling system incident disrupted paratransit trip confirmations in at least one jurisdiction.
The clearest public sign of customer impact came from Allegany County Transit in Maryland. A May 6 county Facebook notice said riders with May 6 and May 7 pickups had to call Transit to confirm their trips because of a cybersecurity incident involving a third-party scheduling vendor.
Hours after DysruptionHub sent questions to Allegany County on June 10, the county’s Facebook notice was no longer publicly available. DysruptionHub retained screenshots and archived records of the notice. The county did not respond to follow-up questions about why the post was removed, edited, restricted or replaced, or whether the notice was retained under Maryland public records rules.
Maryland State Archives guidance says government records may include electronic records created in the conduct of public business and that public records may not be disposed of without authorization under an approved retention schedule.
Allegany County did not name the vendor. IT Curves-hosted systems and public listings reviewed by DysruptionHub point to IT Curves as a likely vendor connection, but neither the county nor the company has confirmed that IT Curves was the vendor referenced in the alert.
IT Curves supports the back-office systems transit agencies use to schedule trips, dispatch vehicles and manage rider reservations. The Gaithersburg company says it has provided transportation-management tools since 2008 for public and private operators.
A group calling itself Ababil of Minab claimed June 9 that “the official platform of IT Curves” had been hacked, posting screenshots it said showed access to company systems. The group claimed 20 critical machines were compromised, about 20 TB of data was wiped and about 2 TB of sensitive data was exfiltrated. DysruptionHub has not independently verified those claims.
Gambit Security said Ababil of Minab surfaced as a pro-Iranian persona claiming the LA Metro intrusion, but that forensic evidence indicated the operation was unlikely to be a new standalone hacktivist crew. The firm said the activity overlapped with infrastructure and operations previously tied by Israel’s National Cyber Directorate to Iran’s Ministry of Intelligence and Security.
Gambit said the destructive campaign targeted transportation and connected-vehicle systems, including LA Metro, South Florida Regional Transportation Authority and Agnik’s Vyncs vehicle-tracking service. The firm said the playbook targeted IT, applications, virtualization and backup infrastructure to complicate recovery.
Gambit’s reporting does not verify the IT Curves claim, but it raises the significance of the allegation because the same persona has been linked by a security firm to a destructive transportation-sector campaign.
IT Curves has not publicly confirmed the incident in sources reviewed by DysruptionHub. The company, Allegany County and law enforcement have not confirmed data theft, data wiping, the number of affected systems or a threat actor.
IT Curves describes its platform as covering scheduling, dispatch, financial reconciliation, communication and vehicle management. Its site also lists reservation cloud tools, automated dispatch, manifest building, in-vehicle devices, real-time location data, on-demand trip capabilities, rider wallet functions and rider eligibility systems.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
The South West Transit Association directory lists IT Curves in categories including operations and management, fare collection, information systems, scheduling and dispatch software, and transit software. The directory says the company supports public transit agencies, paratransit, nonemergency medical transportation and private transportation companies, and lists its address in Gaithersburg.
The Allegany County impact appears limited in public records to pickup confirmations for two service dates. The narrow notice suggests the issue involved the availability or reliability of near-term scheduling records, but officials have not said whether the vendor restored from backup, rebuilt systems, manually reconciled trips or dealt with a synchronization problem.
DysruptionHub sent questions to Allegany County and IT Curves asking whether IT Curves was the scheduling vendor, whether transit systems were disrupted, whether data was accessed and whether the Ababil claim was connected. Neither had responded by publication.
The notice gave no restoration timeline and did not say whether rider data was accessed, whether trips were missed or whether later reservations were affected. The scope of affected systems, the vendor’s identity and whether any other transit customers were disrupted remain unclear.
