Ransomware attack led to 3 days of transit payment problems, TransLink says
Forensic investigation underway, authority says
TransLink says customers can return to using credit cards and debit cards at ticket vending machines and fare gates after three days of being unable to do so because of a ransomware attack on the Metro Vancouver transit authority.
CEO of Translink Kevin Desmond issued a statement Thursday afternoon to apologize for the inconvenience and provide more information about the mysterious cyberattack.
"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure. This attack included communications to TransLink through a printed message," said Desmond.
TransLink disabled several of its systems "out of an abundance of caution" on Tuesday after strange network activity affected some systems that morning. The transit authority would not release further information about the nature of the network activity, citing an ongoing police investigation.
At the time, a spokesperson did not answer a question about whether the activity involved customers' personal information.
Ransomware is a type of malicious software that disables part of a computer system or access to data until a ransom is paid.
However, TransLink said Thursday that upon detection, the transit authority took immediate steps to shut down key IT systems to reduce the impact to its infrastructure and operations.
TransLink said a forensic investigation is underway to determine how the incident occurred and what information was affected.
The transit authority is trying to reassure customers and said it does not store fare payment data and uses a secure third party to process payments for fare transactions.
Metro Vancouver Transit Police confirmed in an email Wednesday it is investigating "in partnership with local and national cyber crime experts."
For days, TransLink passengers were able to use cash at vending machines and staff were on site to help customers having problems buying fares. The authority had warned stored value could take longer than usual to load onto a Compass Card but those systems are now back to normal.
TransLink's Trip Planner tool had also been disabled.
As of Thursday evening, TransLink said it was working to resume normal operations as quickly as possible.
The issue has also affected employees' pay.
Coast Mountain Bus Company, which handles bus service in the region on behalf of TransLink, sent a memo to workers on Thursday saying they would be paid in the form of an advance on Friday, but aspects of some employees' paycheques — like payment for overtime and a reviewable pay stub — would be missing.
Any overpayments will be recovered on future paystubs, the memo said, while "adjustments will occur" at a later date if someone is underpaid.
With files from The Canadian Press