The company says it was alerted to the situation by its advanced threat detection systems and deactivated the network within a few hours.
“On October 10, Keolis Commuter Services experienced a ransomware event,” Keolis Commuter Services spokesperson, Mr Justin Thompson, told IRJ. “Keolis immediately took affected systems off-line, notified law enforcement and implemented steps to protect and restore systems.
“For impacted employees, we will provide support resources, such as credit monitoring and identity theft protection.
“At no time were operational safety systems compromised, and there was no risk to system safety during this event. This event did not and will not impact the continued safe operation of MBTA Commuter Rail.”
Keolis says no MBTA networks were breached as a part of the incident, and no other Keolis networks were impacted.
As Keolis does not store passenger data, no passenger information was taken.
The company is now working with forensic experts to resolve and investigate the attack, which may have affected several other companies around the world.
Keolis currently provides mechanical, transport and engineering services in Boston under an eight-year contract that began on July 1 2014. The contract included two two-year extensions, which were activated in June.