British Columbia

Ransomware attack led to 3 days of transit payment problems, TransLink says

Transit passengers in Metro Vancouver are now able to pay their fares with debit or credit at Compass Card vending machines after they were offline for three days due to a ransomware attack.

Forensic investigation underway, authority says

Vancouver, B.C., transit authority TransLink announced Thursday that it fell victim to a ransomware attack this week. (Ben Nelms/CBC)

TransLink says customers can return to using credit cards and debit cards at ticket vending machines and fare gates after three days of being unable to do so because of a ransomware attack on the Metro Vancouver transit authority.

CEO of Translink Kevin Desmond issued a statement Thursday afternoon to apologize for the inconvenience and provide more information about the mysterious cyberattack.

"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure. This attack included communications to TransLink through a printed message," said Desmond.

TransLink disabled several of its systems "out of an abundance of caution" on Tuesday after strange network activity affected some systems that morning. The transit authority would not release further information about the nature of the network activity, citing an ongoing police investigation.

At the time, a spokesperson did not answer a question about whether the activity involved customers' personal information.

Ransomware is a type of malicious software that disables part of a computer system or access to data until a ransom is paid.

However, TransLink said Thursday that upon detection, the transit authority took immediate steps to shut down key IT systems to reduce the impact to its infrastructure and operations. 

TransLink said a forensic investigation is underway to determine how the incident occurred and what information was affected.

The transit authority is trying to reassure customers and said it does not store fare payment data and uses a secure third party to process payments for fare transactions.

Metro Vancouver Transit Police confirmed in an email Wednesday it is investigating "in partnership with local and national cyber crime experts."

For days, TransLink passengers were able to use cash at vending machines and staff were on site to help customers having problems buying fares. The authority had warned stored value could take longer than usual to load onto a Compass Card but those systems are now back to normal.

TransLink's Trip Planner tool had also been disabled. 

As of Thursday evening, TransLink said it was working to resume normal operations as quickly as possible.

The issue has also affected employees' pay. 

Coast Mountain Bus Company, which handles bus service in the region on behalf of TransLink, sent a memo to workers on Thursday saying they would be paid in the form of an advance on Friday, but aspects of some employees' paycheques — like payment for overtime and a reviewable pay stub — would be missing.

Any overpayments will be recovered on future paystubs, the memo said, while "adjustments will occur" at a later date if someone is underpaid.

With files from The Canadian Press


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?