“We discovered a trail of evidence connecting the breach to a known Iranian hacking operation.”
Iran linked hackers were behind a major cyberattack that disrupted parts of Los Angeles’ public transit system earlier this year, according to Israeli cybersecurity researchers who investigated the breach.
The attack targeted the Los Angeles County Metropolitan Transportation Authority, one of the largest transit systems in the United States, and forced parts of its network offline in March.
Researchers at Israeli cybersecurity firm Gambit Security said hackers stole at least 700 gigabytes of internal data, including emails, backups and sensitive files connected to the transit agency.
The group believed to be responsible is known as Ababil of Minab, a pro Iran hacking operation that has claimed responsibility for several cyberattacks in recent months.
According to investigators, the hackers later posted videos online appearing to show access inside the transit system’s network.
“The scale of the data exposure was serious,” one cybersecurity researcher involved in the investigation said.
Despite the breach, officials said train and bus operations continued running normally. However, some digital services were disrupted, including arrival displays and payment related systems.
Transit users in Los Angeles said the incident left many people uneasy, especially because public transportation systems are used daily by thousands of residents.
“You hear about hacks all the time now, but hearing it happened to the transit system makes people nervous,” one commuter said.
Federal authorities are now involved in the investigation, alongside cybersecurity experts trying to understand how deeply the hackers may have accessed internal systems.
The report also adds to growing concern over cyber activity linked to tensions involving Iran, the United States and Israel.
Since the start of the Iran conflict earlier this year, cybersecurity experts say attacks connected to Iranian linked groups have increased sharply, targeting government systems, companies and infrastructure across multiple countries.
The same hacker group has also reportedly claimed attacks on transportation systems in Florida, vehicle tracking companies and infrastructure networks connected to Saudi Arabia.
One analyst said modern conflicts are no longer limited to physical battlefields.
“Cyberwar is now part of almost every major geopolitical conflict,” the analyst said.
Officials have not publicly confirmed whether any passenger personal data was exposed during the Los Angeles breach, though investigations are still ongoing.
The transit authority has also not released full details about the financial or operational impact caused by the attack.
For many people following the story, the incident is another reminder that transportation systems, hospitals, banks and communication networks are increasingly becoming targets during international conflicts, even far away from the actual war zones themselves.
