
TransLink CEO confirms ransomware hack, says payment info not compromised

Last Updated Dec 3, 2020 at 7:52 pm PST

(Alison Bailey, NEWS 1130 Photo)

Summary

Issues Metro Vancouver transit riders have been facing were caused by a hack, TransLink confirms

NEWS 1130 has obtained a copy of the ransom letter, which has been coming out of TransLink printers

The note from the hackers threatened to release certain information in three days if TransLink does not meet their demands

NEW WESTMINSTER (NEWS 1130) — TransLink’s CEO has now confirmed the system was targeted with a ransom attack.

In a statement Thursday, Kevin Desmond says “this attack included communications to TransLink through a printed message.”

He goes on to assure customers their credit card and payment information has not been accessed.

“TransLink does not store fare payment data. We use a secure third-party payment processor for all fare transactions, and we do not have access to that type of data,” the statement reads.

Earlier in the day, NEWS 1130 obtained a copy of the ransom demand. The letter, which sources said was coming out of printers at TransLink, read: “Your network was attacked, your computers and servers were locked.”

The note went on to threaten to release certain information in three days if TransLink does not meet its demands, which were unspecified in this letter. The hackers also instructed the transit authority to download a private browser in order to proceed.

TransLink shut down several of its IT services earlier this week. Tap and pay was disabled for a time, and commuters were unable to use credit or debit cards in the TransLink fare machines. These services came back online Thursday afternoon.

“All transit services continue to operate regularly, and no transit safety systems are affected,” Desmond wrote in his statement.


A similar situation happened in Montreal in October when hackers demanded US$2.8 million, though it’s not clear if there’s any connection.

The transit authority is currently carrying out a forensic investigation in partnership with police following the activity, but TransLink continues to be vague about what happened to the system.

Unifor Local 111 President Balbir Mann also told NEWS 1130 the IT shutdowns were a hack before TransLink confirmed that information. However, he said he had been told that bus drivers’ personal information has not been compromised.

“We have assurances they haven’t gone that far,” he says.

However, he says the IT problems are impacting GPS functions on buses.

“They don’t know where the buses are right now at the moment, but we have a radio system so if members need help out there they can still call,” Mann says. “We’re in the fallback mode, but slowly things are progressing.”

The investigation was announced Tuesday, but in a statement Wednesday, TransLink said, “Given this is an active investigation involving law enforcement authorities, we will be limiting our comment at this time.”


-with files from Kurtis Doering