Ransomware Attack on Toronto Transit Commission

On October 29, 2021, the Toronto Transit Commission (TTC) acknowledged that it became the victim of a sophisticated ransomware attack. An IT staffer detected and investigated the unusual network activity that led to the discovery of the attack. At the same time, the incident impacted several internal and customer-facing functions. Thankfully, the ransomware attack had not put the public and employees at risk, nor had it caused significant disruption to transit service.

For the record, the Toronto Transit Commission provides public transit services to nearly 1.7 million people in Toronto and peripheral municipalities every weekday.

 

Are you dealing with data breaches? Contact LIFARS straight away since time is of the essence when it comes to data breaches.

 

The Aftermath of the Incident

Although the ransomware group behind the attack is unclear, the incident affected various services and systems belonging to the TTC. It includes the internal TTC email service and TTC vision system that helps operators communicate with Transit Control. The ransomware attack had also forced conductors to use radio and disabled the booking portal for Wheel-Trans.

Moreover, the incident had also disabled the real-time information about TTC vehicles on the TTC website, trip planning apps, and platform screens. However, the unpleasant event had not disrupted public transportation routes. Subway trains, buses, and trams continued to run as usual.

Toronto Transit Commission Provided an Update on the Cybersecurity Incident

The Toronto Transit Commission informed that the ransomware attack on its system compromised the personal information of nearly 25,000 current and past employees. The compromised data includes the names, addresses, and social insurance numbers. In the update, the agency indicated that its investigation is underway to know whether the attack affected its vendors and customers.

The agency also clarified that they found no evidence of any misuse of information. However, it notified the individuals impacted by the ransomware attack. It also said it would extend credit monitoring and identity theft protection to them. Meanwhile, the Toronto Transit Commission advised its employees to inform their respective banks of the security breach.

TTC CEO Rick Leary Comments on the Ransomware Attack

TTC CEO Rick Leary expressed his deep regret on behalf of the entire organization to everyone impacted by the ransomware attack. He also asserted that the Toronto Transit Commission has been working with cybersecurity experts and law enforcement agencies. Hopefully, it would be able to restore lost service and understand the breadth of the incident.

He also signaled that the TCC would advise the potentially affected individuals of the next steps in the coming days. About the threat actors, he said that they belong to a well-organized enterprise.

Montreal, Vancouver, and Now Toronto

With the ransomware attack on the TTC, cybercriminals have now targeted the public transportation systems of all three most prominent cities of Canada. In October 2020, ransomware gangs hit STM of Montreal, and in December 2020, they targeted Metro of Vancouver.

Hackers demanded CAD$7.5 million from Metro and CAD$2.8 million from STM. But remember that not any agency had paid the ransom. Until now, the Toronto Transit Commission has not revealed its ransom demand for the ransomware attack under mention.

Conclusion

Ransomware attacks have extended their impact beyond leaking personal details and stealing money from the accounts. What’s more, it can now cause electrical blackouts, disrupt networks, and make sizeable data unavailable. Subsequently, the only way forward is to develop proactive strategies and tactics against evolving cybersecurity threats.

 

References

Ransomware gang hit Toronto subways

Cyberattack on the Toronto Transit Agency exposes data of 25,000 employees

TTC update on cyber security incident

Ransomware attack disrupts public transportation system of Toronto

TTC says personal information accessed in cyber attack