OmniRide bus service notifies victims of data breach claimed by ransomware gang

OmniRide this week confirmed it notified victims of a December 2024 data breach that compromised their personal information.

Potomac & Rappahannock Transportation Commission, which provides the OmniRide public bus service in the Washington, D.C. suburban area, has not disclosed what data or how many people were compromised yet.

Ransomware gang Fog took credit for the breach in January 2025, saying it stole 7.2 GB of financial data and HR documents.

OmniRide has not verified Fog’s claim. We do not know what data was compromised, how attackers breached OmniRide’s network, if OmniRide paid a ransom, or how much Fog demanded. Comparitech contacted OmniRide for comment and will update this article if it replies.

“To date, our investigation revealed that malicious actors gained access to the Commission’s network on or about December 11, 2024, and deployed ransomware to encrypt portions of the network,” says OmniRide’s notice (PDF) to victims.

Who is Fog?

Fog is a ransomware gang that first started claiming attacks on its website in July 2024. It has a history of targeting US schools but is not limited to them. In addition to encrypting files, Fog also steals data and targets development environments.

Fog has claimed responsibility for 23 confirmed attacks in total, plus 154 unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations. However, the group hasn’t claimed any new victims since March 2025.

In addition to OmniRide, Fog also launched successful attacks against two other government entities: the Governo Federal do Brasil and the Cold Lake, AB local government. The attack on the Brazilian government came with a $1.2 million ransom demand.

Fog recently claimed the following attacks:

Ransomware attacks on US government

In 2024, Comparitech researchers logged 94 confirmed ransomware attacks on US government entities, compromsing more than 2.5 million reocrds.

In 2025 so far, we’ve tracked 26 such attacks. The average ransom is $2.1 million.

In another recently confirmed attack, Pierce County, WA libraries disclosed an April 2025 data breach claimed by Inc Ransomware. Meanwhile, the city of Grove, OK just confirmed an attack from March 2025 claimed by DragonForce.

Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, data could be lost forever, and people whose data was stolen are put at greater risk of fraud.

About OmniRide

OmniRide is a public bus service in the Northern Virginia suburbs of Washington, D.C provided by the Potomac and Rappahannock Transportaion Commission. It serves three counties: Prince William, Spotsylvania, and Stafford. OmniRide’s fleet includes 168 buses and 13 routes, with a daily ridership of nearly 9,000 people, according to external sources. The bus services are operated under contract by Keolis.