We’ve got an L.A. Metro update

The last few days, my sources have been posting updates which I’ve reviewed. The goal here is not to pull the articles apart, because they’re all saying the same thing in so many ways.

On the 17th of April, I blogged about several sources covering Ababil of Minab and the claims that were made public at that time. Those claims may have included anywhere from 1400 servers to 1421 servers, claims of significant data destruction, and the damage they were going to possibly inflict. At that time, I said that we would have to see what happened. We also know that L.A. Metro has said very little, which did not impress someone who works in the PR department at a company.

I don’t have a PR background, but it did not impress me either. We know from coverage that companies can say something, even if it is just a statement on the record that they’re investigating the issue. They can refuse comment, and we’ve seen this in lots of stories through the years.

Since then, sources are confirming that research has been done, and researchers now believe the group claiming responsibility was likely involved. However, what data, if any, was ultimately exfiltrated remains unclear. It is also possible the investigation is still ongoing.

I read various versions of reporting as stated above, and they all say roughly the same thing. They’re all cautious about what was actually done, but the number of 1400 servers appears to be the figure Metro examined. None of the articles that are listed below said anything about data exfiltration or the huge number of TB the actors may have wiped, stolen or both.

With the board meeting coming up, Metro has another opportunity to tell the public what they know, how they fixed the issue, and how they plan to prevent something similar from happening again. If you remember notations from various meetings this author has attended, lots of questions were asked with little response given. In more recent meetings, the cyber attack was briefly mentioned in passing, but little else was said. These meetings are attended as a member of the public, and Metro has not provided additional information to this author regarding questions raised in the April write-up of the incident. Even then, I was trying to get unrelated matters resolved and was directed to other people, who mentioned that the news was discussing a cyber attack. However, nobody explicitly stated that Metro itself had been affected. The only publicly available reporting this author located at the time was the linked L.A. Times article referenced earlier. Other coverage was sourced elsewhere and talked more about the claims than about what was going on.

With Los Angeles preparing to host major international events, this is Metro’s chance to explain to the public what truly happened to the best of their ability.

This also is not the first cybersecurity-related issue Metro has faced. In October 2025, this author covered a separate incident that Metro appeared to resolve within days with far less public concern, in the article “Here’s how to do things right, L.A. Metro had a Cybersecurity incident, fixed it within days.”

While wording and emphasis vary depending on the outlet, the overall reporting trend now appears more consistent than it did in April. Multiple organizations are independently citing researchers and investigative findings pointing toward the same group and similar conclusions, even though major public questions about operational impact and possible data loss still remain unanswered.

Below, find a list of some of the coverage that’s out there. I read everything that we’re linking to, and we’ll leave the conversation open.

Thanks for reading, make it a great day!

