The Ransomware Attack On The TTC Is Worse Than Previously Thought As Info On 25K Employees Is Swiped

You might recall that I wrote about the TTC being pwned by ransomware. That is bad. But it’s worse now, as 25,000 TTC employees have to worry about their personal information falling into the hands of scumbags who will no doubt do something evil with it:

Personal information of tens of thousands of current and former employees of the Toronto Transit Commission may have been stolen, the transit agency says based on further investigation into an online ransomware attack that hit some of its systems a few weeks ago.

In a news release Monday, the TTC said the compromised information may include the names, addresses and Social Insurance Numbers of up to 25,000 employees. 

The agency said it continues to investigate whether a small number of customers and vendors may also be affected.

“It is very important to note that, at this time, there is no evidence that any of the personal information that was accessed has been misused,” the release noted.

I think the TTC means to say that “there is no evidence that any of the personal information that was accessed has been misused YET.” And Marcus Fowler, Director of Strategic Threat at Darktrace, agrees with me:

“Double extortion ransomware, where attacks don’t just lock up data but steal it too, remains a top cyber concern with the alleged theft of personal information of over 25k current and former TTC employees. This tactic is of particular concern because when a company refuses to pay up, information can be leaked online or sold to the highest bidder making all backups and data recovery plans worthless. Stopping attacks that are in progress, before hackers get the chance to encrypt and steal data, has never been more critical in the ongoing war against innovative cyber criminals.”

This is a huge disaster for the TTC. Some of their services are still down with no timeline for them to come back online. And now there’s this. This is not a good look at all for the TTC.
