SEPTA malware attack busted automated rider counters used to stop transit crowding

SEPTA’s Midvale bus depot was a hotspot for COVID-19. (Kimberly Paynter/WHYY)

The malware attack that rippled through SEPTA’s system in August — temporarily thwarting real-time travel info, payroll and the company email system — has also kneecapped the transit authority’s ability to monitor crowding on vehicles, a SEPTA spokesperson confirmed.

The automatic passenger counting (APC) system that checks SEPTA buses and trolleys for overcrowding remains inactive about four months after the initial malware attack. It’s not great timing, since coronavirus cases continue to rise in the Philadelphia region, making it especially important to control crowding on public transit.

Officials are working hard to restore the system: “This is a high priority, and we expect it to be restored in four to six weeks,” said SEPTA spokesperson Andrew Busch.

SEPTA has installed automatic passenger counters on roughly 25% of its bus and trolley fleet. They’re connected near the doors, so they can catch passengers as they enter and exit the vehicle, keeping tabs on the total number of people riding a route at any given time. The electronic system also records vehicle arrival and departure times at each stop.

Even though the APC monitors are only installed on a quarter of SEPTA vehicles, those vehicles are circulated through the entire system — ensuring ridership checks on all routes are conducted about once per month.

“The reports show ridership activity and on-time performance analysis for each route, trip, stop by time-period,” Busch said.

The data collected by those APCs are stored on the vehicle, and then transmitted to SEPTA servers either in real time or once daily. But when the malware attack struck, the transit authority opted to shut down that data share to minimize the impact of the cybersecurity breach.

Without the APC software, SEPTA has to rely on a far less comprehensive method: Individual employees counting riders on some routes.

Now, Philly’s public transportation agency collects reports from frontline operators, supervisors and traffic checkers to keep an eye on crowds. These reports existed before the malware shutdown, but they’re essential now without the electronic system as a baseline.

Since the breach, SEPTA employees have conducted:

  • 24 passenger count checks along nine routes
  • Loading compliance checks at 53 routes at transportation centers
  • On-time schedule and load compliance checks along 33 routes

Among those checks, SEPTA recorded 90% compliance with COVID passenger limits. But without widespread APC software, instances of overcrowding could be slipping through the cracks.

The Philly Transit Riders Union said since the pandemic hit, its members have observed substantial overcrowding on the Route 23 bus. SEPTA maintained that the route “is operating with full pre-COVID weekday service levels” but not excessive crowding, Busch said.

Meanwhile, other effects of the summertime breach still reverberate through SEPTA’s system.

As recently as October, employees couldn’t access files on shared drives or get on the internet at their Center City headquarters.

SEPTA has restored most of the customer-facing applications, like scheduling and real-time arrival data, Busch said. Email and shared drives are back to full operation too, but Busch said they’re still working to remedy issues with other employee-facing applications.

The agency launched a partnership with Drexel on Tuesday aimed at developing new air and surface cleaning technology to improve efforts to stop the spread of the coronavirus.
