Iranian Hackers Blamed for Los Angeles County Metropolitan Transportation Authority Breach
Iranian hackers were reportedly responsible for a breach of the Los Angeles County Metropolitan Transportation Authority (LA Metro) that disrupted parts of the transit environment in California. The investigation involved exposed internal data and operational disruption. Security researchers linked the intrusion to Iran-aligned Ababil activity, with reports describing stolen emails, backups, and a video showing access inside the target network.
Signal context
First seen: May 27, 2026
Last updated: Jun 24, 2026
Status: Public signal
Key points
- Iranian hackers blamed for the breach.
- Disrupted parts of the transit environment.
- Exposed internal data and operational disruption.
Signal analysis
BetaIt helps compare this signal with other published signals without treating the labels as final determinations.
Likely country: Location not provided
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality, Availability
Likely asset: User or customer data
- 1 signal in the same sector
- 69 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
NEWS ROUNDUP - 27th May 2026 - Digital Forensics Magazinehttps://www.digitalforensicsmagazine.com/news-roundup-27th-may-2026/Public source from digitalforensicsmagazine.com.
Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of May 2026https://www.cybermanagementalliance.com/biggest-cyber-attacks-data-breaches-ransomware-attacks-may-2026/Public source from cybermanagementalliance.com.
Related signals
Grouped by why the signal is relevant.
Fluke Corporation data breach impacts over 18,000, Clop claims responsibility
Fluke Corporation notified over 18,000 people of a data breach that occurred between August 10 and October 7, 2025. The breach, resulting from an exploited vulnerability in a third-party application, compromised highly sensitive personal information including SSNs, birth dates, and disability status. The Clop ransomware group claimed responsibility.
Tampa Bay Dental Implants & Prosthetics discloses ransomware attack and data exposure
Tampa Bay Dental discovered unauthorized access to its network on January 19, 2026, when ransomware was used to encrypt files on a legacy server containing a backup of electronic medical records. Patient data, including names, contact information, birth dates, treatment notes, clinical histories, and for some, Social Security numbers, was exposed.
LastPass confirms data breach in Klue supply chain attack
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in a supply chain attack targeting Klue, a third-party market intelligence platform. The unauthorized actor obtained OAuth tokens from Klue, which were then used to access LastPass customer data. Exposed information includes customer names, phone numbers, email addresses, physical addresses, support case information, and sales/CRM-related data. LastPass stated that its core products, services, and infrastructure, including customer vaults, were not affected by this incident. The Icarus extortion group claimed responsibility for the Klue attack.
Snyk impacted by Klue supply chain attack
Snyk, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Snyk's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Snyk stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.
OneTrust impacted by Klue supply chain attack
OneTrust, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from OneTrust's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. OneTrust stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.
Jamf impacted by Klue supply chain attack
Jamf, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Jamf's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Jamf stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.