The personal information of approximately 25,000 current and former employees and pensioners may have been stolen in the cyber attack on the Toronto Transit Commission.
The TTC said in a statement that the information may include names, addresses and Social Insurance Numbers.
“We continue to investigate whether a small number of customers and vendors may also be impacted,” it also said.
Impacted employees will be notified directly by letter, and the TTC will provide credit monitoring and identify theft protection to them “as appropriate.”
“As the investigation continues, we will reach out to additional individuals who may be affected to offer assistance as appropriate,” the statement said.
The service continues to describe the attack as a cybersecurity incident. However, TTC chief executive Rick Leary said a number of the TTC’s were servers encrypted and locked. The threat actors, he added, belong to “an extremely well-organized enterprise.”
The transit service’s email system has been offline since the attack started on October 29th. For a time it also took out the TTC’s Vision system, used to communicate with vehicle operators, the ‘Next Vehicle’ information on platform screens, trip-planning in apps and on the TTC website, and the ability of passengers to reserve space online on the Wheel-Trans system, for those who can’t use a bus, streetcar or subway.
So far the TTC isn’t saying how the attack started. “Like many organizations around the world, we work extremely hard to plan and prepare for situations like this,” the statement says. “However, the fact remains that these types of incidents are becoming increasingly sophisticated. Last week the TTC took additional measures to secure organizational information. The intent is to stay one step ahead of cyber-criminals. Cyber-criminals are also always developing new techniques and it is therefore impossible for any organization to be completely immune from cyberattacks, despite having robust cybersecurity measures in place.
“We take matters of safety and security very seriously. In the days and weeks ahead, we will continue our investigation to determine how this incident happened and what we can do to further protect ourselves from similar incidents in the future.”