3 June 2021

Suspected Chinese hackers hit New York subway


A threat actor believed to be working on behalf of the Chinese government breached the New York transit agency’s computer systems in April, The New York Times reported.

According to a Metropolitan Transit Authority (MTA) document obtained by the newspaper, the attack seemed to have caused little damage: the hackers did not gain access to systems that control train cars, and rider safety was not at risk. The intrusion also did not involve financial demands; instead, it appears to be part of a recent cyber-espionage campaign that exploited a vulnerability in the Pulse Connect Secure suite and that cybersecurity experts have linked to hacker groups with ties to China.

MTA officials said they were alerted to the hack on April 20 by the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA). The intruders compromised at least one of the MTA’s virtual private networks, which allowed them to get access to at least three of the agency’s 18 database systems, officials said.

Despite the absence of damage to customers or employees from the cyberattack, the MTA forced 3,700 users (employees and contractors) to change their passwords as a precautionary measure.

It is not clear what the purpose of the MTA hack was, but investigators have several theories, NYT said. One of them is that hackers tried to glean information about the inner workings of a transit system to support China’s push to dominate the multibillion-dollar market for rail cars and secure lucrative contracts.

Another theory suggests that hackers mistakenly entered the MTA’s system and discovered it was of little interest, which is not unusual, NYT said.

“The MTA’s existing multilayered security systems worked as designed, preventing spread of the attack,” said Rafail Portnoy, the MTA’s chief technology officer. “We continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat.”

