Outside Investigation Finds No Evidence Any Data Was Accessed During Cybersecurity Incident at COTA

The Central Ohio Transit Authority (COTA) is announcing the findings of a cybersecurity incident that occurred in December 2022. The incident led to COTA temporarily taking its IT network systems offline to protect employees and customers.

The investigation conducted by Surefire Cyber, collected and analyzed data and logs from 590 systems. The investigation confirmed that while an unauthorized third party accessed an IT network server, there is no indication that employee or customer personally identifiable information was accessed from the system. There is also no evidence of any active cybersecurity threat.

While no data was accessed, COTA will offer all employees one year of three-bureau credit monitoring at no charge to them. This benefit provides added assurance that COTA is committed to protecting employees.

COTA continued operating all transit services during the IT network outage. All customer-facing systems are back online, including real-time transit vehicle tracking and onboard Wi-Fi.