TransLink confirms it was victim of 'ransomware' attack

Credit card and debit card transactions are once again able to be processed at vending machines and fare gates

TransLink CEO Kevin Desmond announced in October that he will leave the organization in February | Chung Chow

Payment-processing glitches at fare terminals and gates on Metro Vancouver's SkyTrain system were linked to a "ransomware" attack, TransLink CEO Kevin Desmond confirmed in a statement late afternoon on December 3. 

"This attack included communications to TransLink through a printed message," Desmond said, referring to a document widely circulated to media earlier in the day. 

That document outlined what the hackers had done, and instructed TransLink to download a special browser and open a link to start a live chat to learn how to pay the ransom. It was not immediately clear how much money the hackers wanted or whether TransLink contemplated paying the ransom.

"TransLink employs a number of tools to prevent, identify and mitigate these types of attacks," Desmond said. "Upon detection, we took immediate steps to isolate and shut-down key IT assets and systems in order to contain the threat and reduce the impact on our operations and infrastructure. We are now working to resume normal operations as quickly and safely as possible."

He added that Metro Vancouver's transit provider would be conducting a comprehensive forensic investigation to determine how the incident occurred, and what information may have been affected as a result.

"We want to assure our customers that TransLink does not store fare-payment data," he said. "We use a secure third-party payment processor for all fare transactions, and we do not have access to that type of data."

The company yesterday tweeted that it was investigating what it called "suspicious activity" detected on its IT networks on December 1. It said that because its initial probing had led to an active police investigation, it was limiting its comments. 

Inaccuracies in TransLink's online Next Bus feature were apparent as early as November 30. 

TransLink's Trip Planner tool has been disabled, and TransLink has said that payments for monthly passes and to add to stored value on Compass cards may take longer than usual to process.  

SkyTrain riders, meanwhile, were not able to use credit cards or debit cards to purchase fares. Instead, they were forced to go to automatic teller machines, where available, to get cash to insert into the machines. The feature that allowed people to tap credit cards at fare gates was also temporarily disabled. 

That inconvenience has now ended, with ticket machines and fare gates accepting those forms of payment. 

"All transit services continue to operate regularly, and no transit safety systems are affected," Desmond said in his statement. 

gkorstrom@biv.com

@GlenKorstrom