Members of the MyBart.org website have been notified of a data breach in which personal details of hundreds of users were stolen and posted to the Internet, BART officials said Sunday.
While the attack affected around 2,400 users, BART officials sent an email to all 55,000 web site members, spokesman Jim Allison said.
The MyBart website remains down while the agency works to secure it. Allison said it would not resume operations until officials were confident users' data was secure.
"We've been working on this since Friday," Allison said. "We've done everything we could to secure the site."
The hacker protest group "Anonymous" took credit for the attack, and posted links to the stolen user data on its Twitter account. It also posted contact information for BART employees on its website and encouraged its members to flood them with emails and phone calls.
Allison said that BART is working with federal officials to respond to the attacks and to prevent any future security breaches. He said that any MyBART.org users that have had their information stolen should not open any unsolicited emails and immediately change any passwords that my have been shared with their MyBART.org account.
The MyBART.org website was defaced using the logo of Anonymous and a link to its Twitter account. The site is normally used for marketing, announcing and deals near BART stations, and sends subscribers regular emails.
As of 2:30 p.m. Sunday, BART's main website, bart.gov was still accessible. Allison said that if BART's website did go down, travelers are recommended to use 511.org for transit information.
Allison also noted that BART's website infrastructure is not at all connected to the computer systems that run the trains themselves, and that the web attacks would not result in any service delays.
Another website not associated with BART, Californiaavoid.org was also hacked with the logo of Anonymous and fake news stories were added to it containing racial slurs. California AVOID is a state-sponsored partnership of law enforcement organizations to prevent drunk driving.
Anonymous announced its intention to hack BART websites in a posting on its website. The shadowy hacker group said that it is already engaged in a phone, email and fax campaign to disrupt BART's operations, and that there will be a live protest in the Civic Center BART station Monday at 5 p.m.
The hacking attacks and protest are in response to BART's interruption of wireless cell phone service in several downtown San Francisco BART stations to prevent a disruptive protest on Thursday.
Last week BART announced on its website that it was anticipating demonstrations on the BART platforms in August. Commuters were "advised that protesters may attempt to disrupt train service during August commute periods beginning as early as Thursday, August 11, 2011, in downtown San Francisco BART stations."
On July 11, protesters prevented trains from leaving the Civic Center BART station in response to the July 3 BART police shooting of Charles Hill in the same station. Protesters blocked the train doors and one even climbed on top of a train.
The Civic Center, Powell Street and 16th Street BART stations were all temporarily closed due to the protest. As a precautionary measure on Thursday, BART temporarily suspended wireless cell phone service in several downtown San Francisco BART stations.
"They were clear in stating they could use mobile devices to organize," Allison said. He said protesters intended to use cell phones to communicate about the number and location of BART police.
While the protest never materialized, Allison said he did not know if that was an effect of disrupting cell phone service in the stations.
The move has been widely criticized and reported worldwide, provoking further protest announcements and statements of disapproval from Bay Area public officials. Mayoral candidate Phil Ting released a statement Saturday that said the move violated fundamental principles of democracy. "The decision was made at the very highest staff level of the agency," Ting's statement said. "Censorship is not, and must not become, a public safety tool."
State Sen. Leland Yee also released a statement blasting BART officials for their decision. "I am shocked that BART thinks they can use authoritarian control tactics," he said. "BART's decision was not only a gross violation of free speech rights; it was irresponsible and compromised public safety."
The planned actions against BART have been widely discussed on Twitter using the hashtags #OPBart and #MuBARTek, a reference to deposed Egyptian President Hosni Mubarek, who reportedly disrupted Internet and wireless communications to stifle growing protests in Egypt. As of 11 a.m. today, over 100 people said they would be attending Monday's protest on a Facebook announcement.
Allison said no decision has been reached on whether BART will further disrupt cell phone services for Monday's demonstrations. "The top priority for us is the safety of our passengers. We'll be taking steps to try to make sure our customers get home safely," he said, but did not specify what those steps may be.
He said that BART allows for protests in the station, but outside the fare gates. "We firmly believe in free speech, that's why we have an expressive activities program that allows for activities outside the fare gates, where it's safe," Allison said.
In an announcement for Monday's protest it was not clear whether demonstrators intended to gather on the platform or outside the fare gates. Organizers from Anonymous said the protest would be peaceful.