Former transit worker launches class action against TransLink after data breach

VANCOUVER (NEWS 1130) – A class action lawsuit has been filed by a retired transit worker after a TransLink data breach we learned about last month.

Claiming TransLink failed to responsibly manage his personal data and that of others during the data breach, the retired worker, who is only going by the initials G.D., is taking his former employer to court, seeking compensation for anyone whose information was accessed.

FIRST on @NEWS1130 — Claiming TransLink failed to responsibly manage his personal information and that of others during last month's cyber attack, a retired transit worker only going by the initials G.D. is taking his former employer to court. I speak with lawyer @snematollahi

— Martin MacMahon (@martinmacmahon) January 25, 2021

His lawyer, Sage Nematollahi with KND Complex Litigation, who is filing the suit alongside Diamond and Diamond, says it’s important everyone affected receives appropriate compensation.

“And at the end of the day, we think this is a situation where compensation to the affected individuals is appropriate, given all the risk and cost to which they are exposed in the sense of losing their privacy and losing their very valuable personal information,” Nematollahi tells NEWS 1130.

“It’s never a good feeling where someone’s very sensitive personal information is exposed. So that’s issue number one. And secondly, there are questions and concerns about the manner in which the incident has been communicated to the public and the stakeholders.”

This is designed to be a class action lawsuit, and @snematollahi tells me there's a possibility this could expand to include TransLink users if it's proven their data was compromised or they were affected in some way by the ransomware attack. #ClassAction https://t.co/rKUT5nrX6m

— Martin MacMahon (@martinmacmahon) January 25, 2021

The Notice of Civil Claim against TransLink says the breach “resulted in the loss, theft or compromise of highly sensitive information of the Defendant’s employees and its other stakeholders including, but not limited to, their extremely sensitive and highly valuable banking information.”

It goes on to claim the data breach “occurred as a result of the Defendant’s failure to comply with its obligations under the Freedom of Information and Protection of Privacy Act.”

Nematollahi says his client is feeling vulnerable after everything that’s happened.

“But at the same time, we are trying to take steps to mitigate the damages and the risk, and I think that’s what needs to be done as well, even on the part of TransLink to cooperate with the stakeholders and affected individuals such that the scope of the risk can be assessed and proper steps can be taken to mitigate the risk going forward,” he explains.

In a statement to NEWS 1130, TransLink spokesperson Gabrielle Price says the transit authority is “aware of a civil claim” related to the cyberattack.

“We are in the process of considering the claim, but will not be providing further comment while this matter is before the courts,” she says in a statement.

“Speaking generally about the cyber attack and our response to it, however, prior to the attack we had many security measures in place to secure the information of our past and present employees and customers, and we will continue to explore ways to enhance this security. TransLink proactively disclosed suspicious activity on our network and associated impacts within hours of this incident occurring. Throughout this incident, we have proactively and on an ongoing basis disclosed as much accurate information as we can to keep people informed as best as we are able at this point in an ongoing forensic and police investigation.”

2021.01.06 - TransLink NOCC

TransLink was forced to shut down some of its services because of the “suspicious network activity” reported on Dec. 2.

The minister in charge of the transit authority said two days later that there was no information to indicate hackers gained access to anyone’s private financial information. However, George Heyman noted he was not in a position to promise anyone that their information wasn’t accessed.

“The decisions about how to respond to a ransom request rests with TransLink and the authorities and the police, with whom they’re in contact,” Heyman said on Dec. 4. “It is not up to the province to tell TransLink what the appropriate response is. I think it’s probably prudent for me to say no more on the matter. An investigation is ongoing by both TransLink and other authorities.”

Related articles:

• No guarantee personal info wasn’t accessed in TransLink hack: minister

• Hackers may have accessed employee’s personal and banking information in TransLink cyberattack

• TransLink IT system still not fully restored after cyberattack

Heyman added TransLink had done everything in its power to ensure private information is secure.

Close to a month after the breach, TransLink warned hackers may have “accessed” and “copied files from a restricted network drive,” resulting in payroll disruptions for some TransLink, Coast Mountain Bus Company, and Transit Police employees.

By Jan. 14, the transit authority said all employees’ pay had been squared up.

None of the allegations in the Notice of Civil Claim have been proven in court.

-With files from Kathryn Tindale, Denise Wong, Ria Renouf, and Miranda Fatur