Hackers accessed the personal and banking information of TransLink employees during a cyberattack that targeted the company’s IT infrastructure earlier this month.
The hackers “accessed and may have copied files from a restricted network drive,” according to an internal email by Coast Mountain Bus Company (CMBC) to their employees. CMBC is the transit service company under the TransLink enterprise serving passengers in Metro Vancouver.
The email was obtained by The Global News on Wednesday, and said that the files contain payroll information such as banking information and social insurance numbers of employees from TransLink, CMBC, and Vancouver Transit Police, alongside with other network drives.
TransLink is currently working to identify the affected employees but said customers’ fare payment information has not been compromised.
Meanwhile, employees are advised to sign up for a two-year credit monitoring service through their workers’ union at no charge to monitor any suspicious activity in their bank accounts.
TransLink confirmed in a news release on Dec. 4 that the company’s IT infrastructure was targeted by hackers in a ransomware attack. Ransomware is a type of malicious software that disables part of a computer system or access to data until a ransom is paid.
The attack included a printed message by the hackers that said, “your network was ATTACKED, your computers and servers were LOCKED, your private data was DOWNLOADED,” including threats that “if you do not contact us in the next 3 DAYS we will begin DATA publication,” according to a Global News reporter who posted a photo of the ransom letter on Twitter.
TransLink CEO Kevin Desmond said in the release that the moment the company detected the attack, they took immediate steps to isolate and shut down key IT assets and systems to contain the threats so that they could resume their operation quickly and safely.
He also assured customers that TransLink does not store their fare payment data as the company uses a third party to process the transactions, which TransLink does not have access to. Desmond said the company would conduct a comprehensive forensic investigation to determine how the incident occurred and what information may have been affected.
Besides TransLink, in September, the College of Nurses of Ontario, the organization that regulates the nursing profession in Ontario, and Canadian Tire were also hit by a ransomware cyberattack.
In the 2020 National Cyber Threat Assessment report, the Canadian Centre for Cyber Security (CCCS) warned that the number of cyber threat actors will continue to rise and target Canadians and Canadian organizations to “steal personal, financial, and corporate information.”
“We judge that ransomware directed against Canada will almost certainly continue to target enterprises and critical infrastructure providers,” CCCS said. “These entities cannot tolerate sustained disruptions and are willing to pay up to millions of dollars to quickly restore their operations.”
The intentions of the cyber threat actors are to “cause major damage or loss of life in the absence of international hostilities.” according to the centre.
Of the countries named, CCCS said state-sponsored cyber activities coming from China, Russia, Iran, and North Korea pose the greatest strategic threats to Canada as they will “almost certainly continue to conduct commercial espionage against Canadian businesses, academia, and governments to steal Canadian intellectual property and proprietary information.”
To prepare and prevent ransomware attacks, the CCCS advises companies to have backups of all their devices stored offline. It can also include backing up data on a different network, or in an external hard drive.
Keeping operating systems, applications, and software updated are essential to counter ransomware attacks too, the report states. Training employees to recognize phishing emails or suspicious attachments work well as well. The centre also recommends granting restrictive IT access to employees based on their job functions.
The Canadian Press contributed to this report