VANCOUVER (NEWS 1130) – It appears the cyberattack that hit TransLink late last year was a lot bigger than initially thought. Thousands of employees are getting the news in the form of a letter, which details what information hackers were able to get access to.
A TransLink worker has shared the letter they received with NEWS 1130. In their case, their social insurance number, date of birth, bank account number, and home address were compromised.
The cyberattack in December affected a range of employees, including those at the corporate level, bus drivers, and even members of Transit Police.
It appears the cyberattack that hit TransLink late last year was a lot bigger than initially thought. Thousands of employees are getting the news in the form of a letter, which details what information hackers were able to get access to. https://t.co/7EcyZnigB0 pic.twitter.com/IOb1eJIjn0
— CityNews Vancouver (@CityNewsVAN) February 24, 2021
In this letter, with the subject line “December 2020 Data Security & Privacy Incident,” TransLink writes that hackers accessed and copied files from restricted network drives “that include files that contain some banking information and some social insurance numbers. TransLink maintains this information for TransLink employees.”
“In addition, TransLink provides some human resource services to CMBC, Transit Police, BCRTC and WCE and therefore maintains some information of employees of these subsidiaries,” it added.
The letter says TransLink “deeply regrets that this incident occurred and its potential impact on affected individuals.”
It adds “TransLink always strives to protect the personal information in its care.”
The letter is signed by interim CEO Gigi Chen-Kuo.
Just off phone with Unifor Local 111 (union representing bus drivers) president Balbir Mann. He believes all or at the very least a majority of his members have received letter indicating their info was accessed — stresses this is not a small number. His info was also accessed. https://t.co/51SmxYNjFS
— Martin MacMahon (@martinmacmahon) February 23, 2021
Balbir Mann is the president of Unifor Local 111, which represents bus drivers, and he is among the employees whose personal information was compromised.
“It’s a scary moment for sure for everybody – for all of us. We are working hard on this to put a close to it. You know, having information being stolen, you don’t know how and when they’re going to use it,” he tells NEWS 1130.
He adds the union members are feeling frustrated and panicked, saying “it’s a very touchy situation right now.”
The transit authority is providing two years of credit monitoring services to anyone whose information may have been exposed, but Mann says that’s not long enough.
“We’ve asked for five [years]. I think we’ll probably need more than that moving forward. All of our members need protection,” he says.
Mann says the union is in talks with its legal team about the matter.
Earlier this month, we learned some retired and former employees, as well as some of their spouses, were being contacted by TransLink, telling them their data may have been compromised.
A class action lawsuit has been filed by a retired transit worker following the December data breach. The retired worker, who is only identified by the initials G.D., claims TransLink failed to responsibly manage his personal data and that of others during the data breach.
-with files from Paul James