TTC ransomware attack may have stolen personal information of up to 25,000 various employees

The TTC fell victim to a cyberattack a week and a half ago and now officials say it affected hundreds of more people than initially thought.

According to transit officials, the personal information of about 25,000 of its employees, former employees and pensioners may have been stolen in the October 29 incident.

The agency says the data in question may include names, addresses and social insurance numbers.

It’s still unclear if any customers or vendors have been affected.

The TTC revealing now that the ransomware attack from Oct. 29 left the names, addresses, and Social Insurance Numbers of about 16,000 staff and 9,000 pensioners exposed to theft. CEO Rick Leary says they don’t know yet if customer data was also exposed. @CityNewsTO pic.twitter.com/4T1uijKbjf

— Mark Douglas (@DouglasCityNews) November 8, 2021

CEO Rick Leary said there is no evidence any of the details accessed have been misused. All transit officials know right now is that the information was stored on some of the computer servers hit by the hack.

“This is a proactive approach — getting out in front, letting our employees know right away,” explained Leary. “The incident resulted in a number of the TTC’s servers being encrypted and locked, resulting in the loss of our VISION system, vehicle arrival information, and online Wheel-Trans booking systems, as well as external network connectivity, including e-mail.”

Everyone affected by the cyberattack is being contacted, the TTC says, and it is offering to pay for three years of credit monitoring and identity theft protection to help keep anyone affected from being exploited.

As of now, the commission is working to rebuild the remaining servers and internal services, such as re-establishing email capabilities.

Leary added the fact there have been nearly 700 similar cyber security attacks involving public and private sectors groups in Canada shows just how pervasive they are.

“We continue to investigate whether any customer or vendor information was compromised,” Leary added. “There’s no evidence at this time that any of this information has been misused.”

The TTC confirms it is in the process of notifying everyone that may have been impacted, including employees, former employees and pensioners.

“Over the coming weeks, we will continue rebuilding the remaining impacted servers and internal services, like re-establishing external e-mail capabilities. But in truth, and based on the experiences of other organizations, this could take some time,” Leary said.

“… I again want to thank all of our employees for their dedication and hard work, and our customers for their patience and understanding.”