FRONTLINEPRIVACY
Address exposure

Rhysida ransomware group claimed a 2025 attack on Maryland Transit Administration, exposing addresses and IDs

2025-08-01 · Maryland

The Rhysida ransomware group claimed a 2025 attack on the Maryland Transit Administration, alleging it had stolen Social Security numbers, driver's license details, home addresses, and passport data tied to Maryland residents.

What happened

According to Government Technology, the Maryland Transit Administration disclosed a cyberattack in August 2025 that disrupted bus tracking and other systems. The Rhysida ransomware group publicly claimed responsibility and listed the agency on its data-leak site. Rhysida claimed to have exfiltrated personal data including Social Security numbers, driver's license details, home addresses, passport information, and other legal documents tied to Maryland residents. Some of the data was posted to the group's leak site as proof.

The agency confirmed the disruption and engaged state and federal investigators. The exposed dataset, if Rhysida's claims hold up, includes the high-quality identifiers that fuel doxxing campaigns and identity theft.

How it started

Rhysida has hit transit and government targets in multiple states. The MTA breach fits the group's pattern of exfiltrating data first, then announcing the attack publicly to pressure ransom payment. When ransom isn't paid, the data ends up on the leak site.

For Maryland residents, including officers, judges, and EMTs whose data flowed through MTA systems for any reason, the leaked dataset adds new addresses and identifiers to the pool that data brokers and aggregators eventually pick up.

What this means for you

If you're a Maryland judge or magistrate, you have one of the country's strongest Daniel's Law analogs at your back. The statute requires brokers to remove your data within 72 hours of notice, with $1,000 in statutory damages per violation and punitive damages on willful refusal.

If you're an officer, EMT, or corrections worker, that statute does not cover you. Your option is the public-records exemption for what the state holds, plus continuous broker removal for what brokers republish. We handle the second part.



What would have prevented this

Maryland already has one of the strongest [Daniel's Law](/laws/daniels-law)-style protections in the country for judges and magistrates, with $1,000 statutory damages and a 72-hour compliance window written into Md. Code Cts. & Jud. Proc. §§ 3-2301 to 3-2304. Officers and other first responders aren't covered by that statute. They rely on the public-records exemption (Md. Code Gen. Prov. § 4-355) and the Address Confidentiality Program (ACP), which is not designed for them. Continuous broker removal closes the gap that the judicial statute leaves open for everyone else.

Public sources