Threat actors have posted a large number of sensitive files online after managing to breach the San Francisco Bay Area Rapid Transit System (BART) Police Department. The leaked files include 120,000 files that include allegations of child abuse, names, birthdates, names and driver’s license numbers of contractors who have worked on BART projects, police reports naming suspects for various crimes, and hiring documents for prospective officers. The attack was the result of threat actors exploiting a vulnerability within the BART system, but normal operations do not appear to have been disrupted.
Public sector entities tend to be at a higher risk for breach due to the lack of budget and ability to hire cyber security professionals. Because of this, many fall victim to cyber-attacks that affect systems with no way to easily mitigate. Customers who believe they may have been a victim of this breach should ensure they are taking the necessary precautions to protect themselves, such as looking out for phishing emails and monitoring credit reports.