TheBus and TheHandi-Van websites and real-time GPS vehicle information for both remain offline today and the city suffered a second cyberattack Sunday night that disabled the Board of Water Supply’s timekeeping system.
TheBus and TheHandi-Van websites, along with real-time GPS vehicle information websites HEA for TheBus and EVA TheHandi-Van, remain offline. Mobile applications Transit and DaBus are reporting scheduled data instead, but not real-time locations, Deputy Director of the city Department of Transportation Services Jon Nouchi told the Honolulu Star-Advertiser this afternoon.
HOLO cards are not working, but riders are encouraged to show them to the driver and tap them as usual.
“OTS has restored the most critical operations networks to enable TheBus and TheHandi-Van to operate regularly. We are meticulously rebuilding and re-configuring all servers and user desktops to ensure no traces of the attack remain before bringing networks back online,” Nouchi said. “Pending reasonable security checks and acceptable security assurances on the OTS network, we will restore the HOLO card system and work towards a full restoration of all regular network services with an emphasis on security, risk, and caution. At this time, we do not believe any personal or financial information was compromised. We apologize for any inconvenience to our passengers.”
Speaking to the Star-Advertiser’s “Spotlight Hawaii” livestream this morning, Honolulu Mayor Rick Blangiardi said he was briefed this morning about a “rash” of similar cyber attacks happening nationwide.
There have been at least a half-dozen ransomware attacks and network intrusions impacting online scheduling applications for bus, train and para-transit services across the country this year including New York City, Santa Clara, and Ann Arbor Michigan.
“We had another one this morning on something else that’s come up,” said Blangiardi, on Spotlight. “We did not get any ransom demands. … We’re doing everything we possibly can (to restore and secure online operating systems).”
The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Honolulu Police Department, and the U.S. Secret Service are investigating the ransomware attack that continues to cripple Oahu Transit Service systems. The FBI is providing resources to resolve the intrusion at OTS, the agency said in a Sunday news release.
“The investigation is continuing and no additional information is being released at this time,” said HPD spokeswoman Michelle Yu today, referring to the attack on TheBus.
On Sunday night the Board of Water Supply was notified that a ransomware attack hit Kronos Private Cloud services, which includes BWS’ “Kronos Workforce” timekeeping system. The BWS immediately shut off all access to Kronos.
The parent company of Kronos, UKG, took immediate action to investigate this issue, according to a news release. At the moment, BWS customers are not affected by this incident but “out of an abundance of caution”, BWS is advising its employees to check their credit reports and be aware of any unusual or unauthorized activity, according to the news release.
It is not immediately known if HPD and the FBI are looking into the BWS cyberattack.