TTC cyberattack may have stolen information from up to 25K employees, former employees

Click to play video: 'TTC investigates data breach potentially impacting 25,000 employees, former employees'
TTC investigates data breach potentially impacting 25,000 employees, former employees
The TTC is investigating a data breach that has potentially compromised the personal information of thousands of its current and former employees. Brittany Rosen has more – Nov 8, 2021

The Toronto Transit Commission (TTC) says an investigation into a recent cyberattack shows that personal information of up to 25,000 employees, former employees and pensioners may have been stolen.

The information apprehended in the attack may include names, addresses and social insurance numbers. The agency said it is also looking into whether any vendors and customers were affected, as well.

“It is very important to note that, at this time, there is no evidence that any of the personal information that was accessed has been misused,” the TTC said in a statement Monday. “This was a sophisticated incident, similar to the hundreds of incidents reported in Canada in the last year alone.”

Those who may have been affected will have credit monitoring and identity theft protection provided by the agency.

Story continues below advertisement

“We are doing this by offering three years of credit protection through TransUnion,” said CEO Rick O’Leary on Monday.

“This is being done both out of an abundance of caution and because it’s the right thing to do.”

Shortly after the announcement, ATU Local 113, the union representing TTC workers, said they were “extremely concerned.”

“We expect the TTC to treat this issue with the severity it deserves and keep our union leadership and members updated,” the statement on behalf of union president Carlos Santos read. “When the news of the cyber attack originally broke, ATU Local 113 noted that the security of confidential information of TTC workers must be a priority.”

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

On Oct. 29, the TTC said in a statement that staff learned the transit agency was the victim of a ransomware attack when IT detected “unusual network activity” the night before.

“Impact was minimal until midday today (Oct. 29) when hackers broadened their strike on network servers,” the statement said.

Due to the attack, online Wheel-Trans bookings were unavailable, as was next vehicle information on platform screens, apps and on the TTC website.

Story continues below advertisement

Wheel-Trans users told Global News at the time they felt very isolated by the situation. Thousands of residents with mobility issues use the service to get around the city. Many said they faced “hours-long” wait times to book new trips and check the status of pre-booked commutes.

Data breaches have become a familiar feature on the corporate and public-sector landscape, with the risk ramping up during the COVID-19 pandemic, experts say.

“Ransomware attackers have been targeting health-care organizations during the pandemic because we as the public and as governments cannot endure those health-care organizations and networks being out of service,” said Charles Finlay, executive director of the Rogers Cybersecure Catalyst at Ryerson University.

Click to play video: 'TTC cuts service amid unvaccinated operators'
TTC cuts service amid unvaccinated operators

“The sheer number of attacks in general has increased. They’ve increased in sophistication. And COVID-19 has meant that attacks on certain kinds of organizations have also increased.”

Story continues below advertisement

Finlay said national intelligence agencies and law enforcement at all levels need to treat cyber threats as a major domestic security challenge.

“Ransomware is a multibillion-dollar global industry. It is highly organized … it’s very well financed,” he said.

“This is organized crime operating at the most sophisticated level.”

The Office of the Information and Privacy Commissioner of Ontario said in a statement that the TTC notified it about the attack on Oct. 29, and while it’s working with the transit commission to learn more, it can’t provide further details since it’s an active file.

With files from Brittany Rosen and The Canadian Press

Story continues below advertisement



Sponsored content