TransLink was the victim of a ransomeware attack on its information technology systems this week, which resulted in the shutdown of some digital payment and information systems as a precaution.
This attack included communications to the public transit authority through a printed message.
In a released statement, TransLink CEO Kevin Desmond says a comprehensive forensic investigation involving police is being conducted to determine how the attack occurred, and what information may have been affected as a result.
- See also:
However, he says fare payment data is not impacted, as it is not stored by the transit authority. TransLink uses a third-party payment processor for all transactions and does not hold that type of data.
“TransLink employs a number of tools to prevent, identify and mitigate these types of attacks,” said Desmond.
“Upon detection, we took immediate steps to isolate and shut-down key IT assets and systems in order to contain the threat and reduce the impact on our operations and infrastructure. We are now working to resume normal operations as quickly and safely as possible.”
As of Thursday evening, passengers could once again use credit cards at Compass vending machines and the Tap to Pay function on the fare gates. Anyone who recently purchased monthly passes or stored value will soon see their credit loaded onto their Compass Card account.
These functions, along with Trip Planner, were first disabled on December 1, when TransLink became aware of “suspicious network activity” on the morning of that day. Transit services were not impacted.
Ransomware attacks typically extort the victim for a very significant cash payment to prevent the release, suspension, and/or deletion of critical and sensitive information.
“We are sharing as much as we can at this point considering that this is an active investigation. We feel it is important to keep our customers and employees as informed as possible in the circumstances. We are also sharing this update in order to alert other organizations about the dangers of this ransomware attack,” continued Desmond.
Ransomware attacks on large entities have been growing in frequency in recent years, including known attacks on transit authorities in San Francisco, Sacramento, and Philadelphia.
The attack on the Southeastern Pennsylvania Transportation Authority (SEPTA) in Philadelphia this past August also caused a shutdown of real-time travel information provided to passengers, access to employee email, and disrupted internal routine scheduling systems.
It was reported in October, two months after the attack, that SEPTA employees still could not enter files on shared drives or gain internet access at its headquarters.