A recent press release from the Toronto Transit Commission (TTC) revealed that hackers unscrupulously accessed its employee database in late October. Apart from compromising the data of new and current personnel, there is a big possibility that those of former employees and pensioners were also breached.
The TTC is presently communicating with the individuals whose personal information may have been breached to curb future issues if the same were used for illegal purposes.
An initial investigation was immediately launched after the ransomware attack, and there is no showing that the hacked information was used for unlawful activities. “It is very important to note that, at this time, there is no evidence that any of the personal information that was accessed has been misused,” the TTC press release pointed out.
“We continue to investigate whether any customer or vendor information was compromised,” Rick Leary, CEO of TTC, related in a statement. “Based on what we know at this point, the culprits were able to gain access to TTC files that may contain personal information of approximately 25,000 employees, past and present.”
While the information gleaned from the initial investigation revealed that no customer personal information was hacked during the late October ransomware attack, the TTC is still pushing for the conduct of another inquiry into the matter to double-check. The public transport agency also stressed that it would provide identity theft protection and credit monitoring for customers if the breached information is misused.
Leary emphasized that they are still trying to determine who was responsible for the recent hacker attack. “What we know about the threat actors, in this case, is that they belong to an extremely well-organized enterprise,” he explained.