Data on 25,000 current and former employees may have been stolen in TTC attack

The personal information of approximately 25,000 current and former employees and pensioners may have been stolen in the cyber attack on the Toronto Transit Commission.

The TTC said in a statement that the information may include names, addresses and Social Insurance Numbers.

“We continue to investigate whether a small number of customers and vendors may also be impacted,” it also said.

Impacted employees will be notified directly by letter, and the TTC will provide credit monitoring and identify theft protection to them “as appropriate.”

“As the investigation continues, we will reach out to additional individuals who may be affected to offer assistance as appropriate,” the statement said.

The service continues to describe the attack as a cybersecurity incident. However, TTC chief executive Rick Leary said a number of the TTC’s were servers encrypted and locked. The threat actors, he added, belong to “an extremely well-organized enterprise.”

The transit service’s email system has been offline since the attack started on October 29th. For a time it also took out the TTC’s Vision system, used to communicate with vehicle operators, the ‘Next Vehicle’ information on platform screens, trip-planning in apps and on the TTC website, and the ability of passengers to reserve space online on the Wheel-Trans system, for those who can’t use a bus, streetcar or subway.

So far the TTC isn’t saying how the attack started. “Like many organizations around the world, we work extremely hard to plan and prepare for situations like this,” the statement says. “However, the fact remains that these types of incidents are becoming increasingly sophisticated. Last week the TTC took additional measures to secure organizational information. The intent is to stay one step ahead of cyber-criminals. Cyber-criminals are also always developing new techniques and it is therefore impossible for any organization to be completely immune from cyberattacks, despite having robust cybersecurity measures in place.

“We take matters of safety and security very seriously. In the days and weeks ahead, we will continue our investigation to determine how this incident happened and what we can do to further protect ourselves from similar incidents in the future.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Stemming the tide of cybercrime

By: Derek Manky Technology continues to play a significant role in accelerating...

Power through a work-from-anywhere lifestyle with the LG gram

“The right tool for the right job” is an old adage...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now