TransLink CEO confirms ransomware hack, says payment info not compromised

NEW WESTMINSTER (NEWS 1130) — TransLink’s CEO has now confirmed the system was targeted with a ransom attack.

In a statement Thursday, Kevin Desmond says “this attack included communications to TransLink through a printed message.”

He goes on to assure customers their credit card and payment information has not been accessed.

“TransLink does not store fare payment data. We use a secure third-party payment processor for all fare transactions, and we do not have access to that type of data,” the statement reads.

Earlier in the day, NEWS 1130 obtained a copy of the ransom demand. The letter, which sources said was coming out of printers at TransLink, read: “Your network was attacked, your computers and servers were locked.”

Working with my colleague @pjimmyradio, we can confirm for @NEWS1130 that @TransLink has been hacked. Our information comes from multiple sources within the transit authority, who have shared the ransom letter with us. Listen in for more details throughout the afternoon.

— Martin MacMahon (@martinmacmahon) December 3, 2020

The note went on to threaten to release certain information in three days if TransLink does not meet its demands, which were unspecified in this letter. The hackers also instructed the transit authority to download a private browser in order to proceed.

TransLink shut down several of its IT services earlier this week. Tap and pay was disabled for a time, and commuters were unable to use credit or debit cards in the TransLink fare machines.  These services came back online Thursday afternoon.

“All transit services continue to operate regularly, and no transit safety systems are affected,” Desmond wrote in his statement.

RELATED: Multiple TransLink services still down due to ‘suspicious network activity’

A similar situation happened in Montreal in October when hackers demanded US$2.8 million, though it’s not clear if there’s any connection.

The transit authority is currently carrying out a forensic investigation in partnership with police following the activity, but TransLink continues to be vague about what happened to the system.

UPDATE: Credit card and debit card transactions are once again able to be processed at Compass vending machines. Customers who recently purchased monthly passes or stored value will also soon see the credit loaded onto their Compass Card.

— News from TransLink (@TransLinkNews) December 4, 2020

Unifor Local 111 President Balbir Mann also told NEWS 1130 the IT shutdowns were a hack before TransLink confirmed that information. However, he said he had been told that bus drivers’ personal information has not been compromised.

“We have assurances they haven’t gone that far,” he says.

However, he says the IT problems are impacting GPS functions on buses.

“They don’t know where the busses are right now at the moment, but we have a radio system so if members need help out there they can still call,” Mann says. “We’re in the fallback mode, but slowly things are progressing.”

The investigation was announced Tuesday, but in a statement Wednesday, TransLink said, “Given this is an active investigation involving law enforcement authorities, we will be limiting our comment at this time.”

Watch: TransLink disables multiple services while investigating ‘suspicious network activity’

-with files from Kurtis Doering