[BreachExchange] Employee information stolen in October cyberattack: TTC memo

Mon Nov 8 16:14:31 EST 2021

https://torontosun.com/news/local-news/employee-information-stolen-in-october-cyberattack-ttc-memo

The TTC has urged its employees to keep an eye on their bank accounts after
a cyberattack in October crippled a number of the transit agency’s key
systems.

An internal memo issued Monday said the investigation suggests the personal
information of as many as 25,000 current and former TTC employees may have
been compromised in the Oct. 29 hack.

“We continue to investigate whether a small number of customers or vendors
may also be impacted and will notify these individuals when we have further
information,” the memo said.

The TTC claims the compromised information may include names, addresses,
and social insurance numbers.

Those impacted by the breach, added the memo, will be contacted directly.

TTC employees are being asked to immediately sign up for a credit
monitoring service, and to notify their bank. A statement similar to the
internal memo was released by the TTC Monday afternoon.

The Oct. 29 ransomware attack brought down a number of TTC systems,
including internal employee email, payroll, real-time route tracking,
online booking for WheelTrans, and systems that allow transit control to
monitor and communicate with surface vehicles.

Concerns over communication and safety triggered dozens of formal work
refusals being filed with the Ontario Ministry of Labour.

On Friday, TTC commissioners were provided with a confidential update
during an emergency, in-camera meeting.

A statement from TTC CEO Rick Leary said there isn’t yet any evidence the
information has been misused, and added that the hackers were part of an
“extremely well-organized” enterprise.

“Over the coming weeks, we will continue rebuilding the remaining impacted
servers and internet services, like re-establishing external email
capabilities,” Leary wrote.

“But in truth, and based on the experiences of other organizations, this
could take some time.”

ATU Local 113 President Carlos Santos said he’s extremely concerned over
the breach and how it may impact both employees and retired transit workers.

“We expect the TTC to treat this issue with the severity it deserves and
keep our union leadership and members updated,” he said.

“When the news of the cyberattack originally broke, ATU Local 113 noted
that the security of confidential information of TTC workers must be a
priority.

Dariusz Nowotny, vice-president of CUPE Local 5089 — which represents TTC
special constables and fare inspectors — called for Leary to step down.

“There was a total lack of communication from the TTC to the local on this
serious issue,” he told the Toronto Sun. “Members are distraught that it
took 11 days for the TTC to alert their employees.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211108/99059e71/attachment.html>