San Francisco subway hackers threaten to dump 30GB sensitive data online
It is still not clear how much data the hackers may have stolen from MUNIiStock

Hackers who hit the San Francisco municipal transit system (MUNI) with a ransomware attack over the Thanksgiving weekend are threatening to publicly leak the stolen data, according to reports. The hackers had demanded 100 bitcoins ($70,000, £56,000, €66,000) as ransom.

The hackers have reportedly threatened to dump 30GB worth of sensitive data, including those pertaining to MUNI customers, contracts and employees. It is still uncertain as to how much data the hackers may have stolen from MUNI.

The hackers, going by the pseudonym "andy saolis" told Motherboard on 28 November: "To have more impact to company to force them to do right job!"

"Anyone see something like that in Hollywood movies but it's completely possible in real world!," they said, presumably referring to the singular incident, which saw a public transport system of a major American city held hostage to ransomware.

The hackers continued: "It's to show to you and proof of concept, company don't pay attention to your safety!"

According to a report by Fortune, the hackers claimed that if MUNI failed to fix its systems and pay up the ransom amount, the cybercrooks would release the allegedly stolen data online. The hackers, however, refused to provide a sample of the data, instead indicating that they would disclose it later, in case MUNI did not contact them.

According to a report by Bleeping Computer, the hacker group indicated that it had not intentionally targeted MUNI and that it was an accidental infection.

"We Hacked 2000 server/pc in SFMTA including all payment kiosk and internal automation and email and ...! We gain access completely random and our virus working automatically ! We don't have targeted attack to them ! It's wonderful !," the hacker group said.

It is still uncertain if MUNI and law enforcement authorities have been able to mitigate the attack in any way.

MUNI is yet to comment on the latest development. Following the initial attack, a MUNI spokesperson said the company was working with law enforcement agencies in the ongoing investigation into the incident.