The Toronto Transit Commission (TTC) says an investigation into a recent cyberattack shows that personal information of up to 25,000 employees, former employees and pensioners may have been stolen.
The information apprehended in the attack may include names, addresses and social insurance numbers. The agency said it is also looking into whether any vendors and customers were affected, as well.
“It is very important to note that, at this time, there is no evidence that any of the personal information that was accessed has been misused,” the TTC said in a statement Monday. “This was a sophisticated incident, similar to the hundreds of incidents reported in Canada in the last year alone.”
Those who may have been affected will have credit monitoring and identity theft protection provided by the agency.
“We are doing this by offering three years of credit protection through TransUnion,” said CEO Rick O’Leary on Monday.
“This is being done both out of an abundance of caution and because it’s the right thing to do.”
Shortly after the announcement, ATU Local 113, the union representing TTC workers, said they were “extremely concerned.”
- TSX flat as oil falls, U.S. stock markets mixed after Fed holds interest rates steady
- Panthers head back to work, resting and waiting for Bruins-Leafs winner
- Proline bettors still solidly behind Toronto Maple Leafs in NHL playoffs
- Ontario introduces sped-up apprenticeship path for high school students
“We expect the TTC to treat this issue with the severity it deserves and keep our union leadership and members updated,” the statement on behalf of union president Carlos Santos read. “When the news of the cyber attack originally broke, ATU Local 113 noted that the security of confidential information of TTC workers must be a priority.”
On Oct. 29, the TTC said in a statement that staff learned the transit agency was the victim of a ransomware attack when IT detected “unusual network activity” the night before.
“Impact was minimal until midday today (Oct. 29) when hackers broadened their strike on network servers,” the statement said.
Due to the attack, online Wheel-Trans bookings were unavailable, as was next vehicle information on platform screens, apps and on the TTC website.
Wheel-Trans users told Global News at the time they felt very isolated by the situation. Thousands of residents with mobility issues use the service to get around the city. Many said they faced “hours-long” wait times to book new trips and check the status of pre-booked commutes.
Data breaches have become a familiar feature on the corporate and public-sector landscape, with the risk ramping up during the COVID-19 pandemic, experts say.
“Ransomware attackers have been targeting health-care organizations during the pandemic because we as the public and as governments cannot endure those health-care organizations and networks being out of service,” said Charles Finlay, executive director of the Rogers Cybersecure Catalyst at Ryerson University.
“The sheer number of attacks in general has increased. They’ve increased in sophistication. And COVID-19 has meant that attacks on certain kinds of organizations have also increased.”
Finlay said national intelligence agencies and law enforcement at all levels need to treat cyber threats as a major domestic security challenge.
“Ransomware is a multibillion-dollar global industry. It is highly organized … it’s very well financed,” he said.
“This is organized crime operating at the most sophisticated level.”
The Office of the Information and Privacy Commissioner of Ontario said in a statement that the TTC notified it about the attack on Oct. 29, and while it’s working with the transit commission to learn more, it can’t provide further details since it’s an active file.
—With files from Brittany Rosen and The Canadian Press
Comments