Up to 25,000 present and former TTC employees’ personal information may have been taken as a result of a ransomware attack that wreaked havoc on a number of internal and external systems last week.
The names, residences, and Social Security numbers of up to 25,000 “previous and present” TTC employees were compromised, according to a statement released Monday afternoon by the TTC.
While there is “no evidence at this time” that any of the information has been “misused,” the TTC said it is still contacting affected employees and offering them free credit protection for three years.
The transit commission said that it also still investigating whether data belonging to “a small number of customers and vendors” may have been affected by the breach.
“On behalf of the entire organization, I want to express my deep regret that this has occurred to everyone who may be impacted,” TTC CEO Rick Leary said in a statement. “It is not lost on me that organizations like ours are entrusted with significant amounts of personal information and it is essential that we do our best to protect it.”
The ransomware attack was first detected on Oct. 28, though the full impact of the breach wasn’t clear until the following day.
In his statement, Leary said that the hackers appear to “belong to an extremely well-organized enterprise” though he did not provide any information about how they may have gained access to the TTC’s networks.
He also refused to reveal whether the TTC paid any ransom to restore its service during a subsequent interview with CP24 on Monday afternoon, only saying that additional information would be forthcoming.
“This is an ongoing investigation and there a lot of forensics continuing and we will be transparent,” he promised. “There’ll be more information as we find out that information.”
Leary said that ransomware attack resulted in “a number of the TTC’s servers being encrypted and locked,” which in turn knocked down the Vision System used to communicate with vehicle operators as well as a slate of other online systems, including the Wheel-Trans booking portal and the next vehicle information system.
While most customer-facing systems were restored within four days, the TTC’s internal email system remains offline.
The TTC has set up a website for current and former employees to access information about the breach.
It has also said that letters will be sent to those affected “shortly.”
The TTC’s main union said it is “very worried” about the potential breach in a statement emailed to members on Monday.
“We expect the TTC to take this matter with the seriousness it deserves and to keep our union leadership and members informed,” said Carlos Santos, president of Amalgamated Transit Union Local 113. “ATU Local 113 demands that the TTC take all reasonable means to monitor, safeguard, and retrieve personal employee information and other sensitive data that may have been compromised as a result of this breach.”