LA Metro ransomware hit

Metro framed the action as a containment step and said “restricting systems following the discovery of unauthorized access is part of Metro’s standard safety protocols,” a line the agency used in a March 20, 2026 statement. (abc7.com) Metro advised customers to add value at staffed station ticket vending machines after online TAP account tools and customer-service phone lines experienced problems, directing riders away from web and phone reload options. (nbclosangeles.com) The agency told reporters that customer and employee data were not compromised and that internal access would be restored only after a sequence of security checks and forensic review. (nbclosangeles.com) A named commuter, Raymond Causly of Compton, told ABC7 he experienced repeated failed payment attempts on a kiosk and on his phone during the incident, illustrating on-the-ground payment friction. (abc7.com) Coverage varied in terminology: outlets such as Railway Supply described a “computer hack,” while Metro consistently used the phrase “unauthorized activity,” showing discrepancy between agency language and some media characterizations. (railway.supply) Metro posted a homepage alert warning that real-time posting of bus and rail service information might be delayed, and a check of Metro’s News Releases archive did not show an incident-specific press release in the agency’s public releases section at the time of reporting. (hoodline.com)