TransLink employees' personal information leaked during cyber attack

Feb 23 2021, 12:28 pm

A number of TransLink employees, former and retired employees, and spouses of retired employees had their personal information accessed following a recent ransomware attack.

The cyber attack occurred during the first week of December 2020. Digital payment and information systems were shut down for a period of time as a precaution.

The attack included communications to the public transit authority through a printed message.

TransLink tells Daily Hive that they’re notifying the individuals whose personal information was unlawfully accessed. Affected individuals are being notified by mail, but it’s unclear just how many people were impacted.

“TransLink is notifying individuals whose sensitive personal information was accessed during the recent cyber attack,” TransLink tells Daily Hive in an emailed statement. “We are still in the process of determining the number of affected individuals.”

The company adds that those impacted will be offered a two-year credit monitoring service subscription with TransUnion, free of charge.

“This is a methodical and time-intensive process and we are committed to providing those impacted with timely and accurate information. The investigation into this attack is ongoing and we will continue to be as transparent as possible with our findings.”

When the attack occurred in December 2020, former TransLink CEO Kevin Desmond said that a comprehensive forensic investigation involving police was underway.

Desmond also stressed that fare payment data was not impacted, as it is not stored by the transit authority. TransLink uses a third-party payment processor for all transactions and does not hold that type of data.