Cyber incident disrupts some Maryland Transit Administration systems

The Maryland Transit Administration in Baltimore, Maryland, said on August 24, 2025, that it is investigating a cybersecurity incident involving unauthorized access that is disrupting some systems, including Mobility paratransit trip scheduling, real-time arrival information and call centers. Core services — Local Bus, Metro Subway, Light Rail, MARC, Mobility, Call-A-Ride and Commuter Bus — are operating, but riders will not see station alerts for train arrivals and departures. Officials urged riders, especially students headed back to school, to allow extra time. The agency said third-party experts and law enforcement are assisting, and Maryland’s Statewide Emergency Operations Center has been activated in response.

MTA said previously scheduled Mobility trips this week will be honored, but new bookings and rebookings are unavailable; riders with urgent medical needs should contact their providers or call 911, and eligible riders may consider Call-A-Ride at 410-664-2030. Officials noted broader impacts to service operations and information systems while containment and assessment continue, and one local outlet reported authorities have secured the network. The agency added extra staff to support back-to-school commuting. Transit agencies have been frequent cyber targets in recent years, with Pittsburgh Regional Transit hit in December 2024 and Honolulu’s TheBus in June 2024.