Ex-contractor's computer in Russia breached D.C. Metrorail transit system, watchdog finds

A former contractor for the Washington Metropolitan Area Transit Authority (WMATA) was able to remotely access sensitive WMATA data from a computer in Russia because his supervisor failed to revoke his high-level administrative access, a new watchdog memo says.

A memo released Wednesday by the WMATA Office of Inspector General says the office opened a cyber investigation in early 2023 when it was alerted that WMATA's cyber group had detected abnormal network activity originating in Russia in January. 

The agency found that the credential of a contractor no longer working for the agency had been used in Russia to access a sensitive directory. The former contractor's supervisor had allowed the man to retain his access to WMATA systems and networks in hopes that his contract would be renewed, the report said.