{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreidcw7dg2hmwgyear62c4heykmz5q4jatyi6bcswir2vtd7tf6i7iy",
"uri": "at://did:plc:3mf3ql5qtnfwownblde4355r/app.bsky.feed.post/3mod7tu35ifz2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreigc7bnm4sfhhoasq2nsi23jfemiwwlbzif5gadlcjcuskhax36xxe"
},
"mimeType": "image/webp",
"size": 32188
},
"description": "A persona linked by researchers to an Iran-aligned destructive campaign claimed it compromised the transit software vendor; Allegany County documented a vendor-related trip confirmation disruption.",
"path": "/it-curves-paratransit-cyberattack-claim/",
"publishedAt": "2026-06-15T11:51:44.000Z",
"site": "https://dysruptionhub.com",
"tags": [
"IT Curves",
"Allegany County Transit",
"Siera Smith/Wikimedia Commons",
"Gambit Security",
"LA Metro intrusion",
"directory"
],
"textContent": "IT Curves, a Maryland transit software vendor, was the subject of a claimed cyberattack after a scheduling system incident disrupted paratransit trip confirmations in at least one jurisdiction.\n\nThe clearest public sign of customer impact came from Allegany County Transit in Maryland. A May 6 county Facebook notice said riders with May 6 and May 7 pickups had to call Transit to confirm their trips because of a cybersecurity incident involving a third-party scheduling vendor.\n\nA now-deleted May 6 Allegany County Government Facebook notice said riders with May 6 and May 7 pickups had to call Transit to confirm trips because of a cybersecurity incident involving a third-party scheduling vendor. (Screenshot/DysruptionHub)\n\nHours after DysruptionHub sent questions to Allegany County on June 10, the county’s Facebook notice was no longer publicly available. DysruptionHub retained screenshots and archived records of the notice. The county did not respond to follow-up questions about why the post was removed, edited, restricted or replaced, or whether the notice was retained under Maryland public records rules.\n\nMaryland State Archives guidance says government records may include electronic records created in the conduct of public business and that public records may not be disposed of without authorization under an approved retention schedule.\n\nAllegany County did not name the vendor. IT Curves-hosted systems and public listings reviewed by DysruptionHub point to IT Curves as a likely vendor connection, but neither the county nor the company has confirmed that IT Curves was the vendor referenced in the alert.\n\nIT Curves supports the back-office systems transit agencies use to schedule trips, dispatch vehicles and manage rider reservations. The Gaithersburg company says it has provided transportation-management tools since 2008 for public and private operators.\n\nAllegany County Transit’s building at 1000 LaFayette Ave. in Cumberland, Maryland. Riders were told to confirm some pickups after a cybersecurity incident involving a third-party scheduling vendor. (Siera Smith/Wikimedia Commons)\n\nA group calling itself Ababil of Minab claimed June 9 that “the official platform of IT Curves” had been hacked, posting screenshots it said showed access to company systems. The group claimed 20 critical machines were compromised, about 20 TB of data was wiped and about 2 TB of sensitive data was exfiltrated. DysruptionHub has not independently verified those claims.\n\nGambit Security said Ababil of Minab surfaced as a pro-Iranian persona claiming the LA Metro intrusion, but that forensic evidence indicated the operation was unlikely to be a new standalone hacktivist crew. The firm said the activity overlapped with infrastructure and operations previously tied by Israel’s National Cyber Directorate to Iran’s Ministry of Intelligence and Security.\n\nGambit said the destructive campaign targeted transportation and connected-vehicle systems, including LA Metro, South Florida Regional Transportation Authority and Agnik’s Vyncs vehicle-tracking service. The firm said the playbook targeted IT, applications, virtualization and backup infrastructure to complicate recovery.\n\nAn image posted by Ababil of Minab claims IT Curves was hacked. The Maryland transit software vendor has not publicly confirmed the claimed compromise, data theft or data wiping. (Ababil of Minab)\n\nGambit’s reporting does not verify the IT Curves claim, but it raises the significance of the allegation because the same persona has been linked by a security firm to a destructive transportation-sector campaign.\n\nIT Curves has not publicly confirmed the incident in sources reviewed by DysruptionHub. The company, Allegany County and law enforcement have not confirmed data theft, data wiping, the number of affected systems or a threat actor.\n\nIT Curves describes its platform as covering scheduling, dispatch, financial reconciliation, communication and vehicle management. Its site also lists reservation cloud tools, automated dispatch, manifest building, in-vehicle devices, real-time location data, on-demand trip capabilities, rider wallet functions and rider eligibility systems.\n\n****Chip in once****\nIf this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.\n\nTip us\n\n****Support us monthly****\nA small monthly pledge keeps independent coverage and our reader tools online for everyone.\n\nBecome a Supporter\n\nThe South West Transit Association directory lists IT Curves in categories including operations and management, fare collection, information systems, scheduling and dispatch software, and transit software. The directory says the company supports public transit agencies, paratransit, nonemergency medical transportation and private transportation companies, and lists its address in Gaithersburg.\n\nThe Allegany County impact appears limited in public records to pickup confirmations for two service dates. The narrow notice suggests the issue involved the availability or reliability of near-term scheduling records, but officials have not said whether the vendor restored from backup, rebuilt systems, manually reconciled trips or dealt with a synchronization problem.\n\nDysruptionHub sent questions to Allegany County and IT Curves asking whether IT Curves was the scheduling vendor, whether transit systems were disrupted, whether data was accessed and whether the Ababil claim was connected. Neither had responded by publication.\n\nThe notice gave no restoration timeline and did not say whether rider data was accessed, whether trips were missed or whether later reservations were affected. The scope of affected systems, the vendor’s identity and whether any other transit customers were disrupted remain unclear.\n\n****Attribution note:**** DysruptionHub credits upstream reporting and primary sources—see citations above. If this report informed your coverage, please cite DysruptionHub with a link.",
"title": "IT Curves in Maryland faces cyberattack claim after paratransit scheduling disruption",
"updatedAt": "2026-06-15T11:51:45.672Z"
}