Skip to main content

Some TTC communication services continue to be down after ransomware attack


The Toronto Transit Commission's Wheel-Trans online booking portal, trip-planning apps and other communications systems continue to be down after the transit agency was hit by a ransomware attack on Thursday.

“Unfortunately, there is no update really to speak of,” TTC Spokesperson Stuart Green told CP24 Saturday morning. “We continue to have issues, we've got our internal staff as well as some external cybersecurity experts that we've called in to help with this.”

The TTC first learned about the hack Thursday night when an IT employee found “unusual network activity,” according to a statement issued Friday evening.

The TTC said the attack was initially “minimal” but then became progressively worse by mid-Friday.

Hackers also knocked down the TTC’s Vision System, which is used to communicate with vehicle operators.

In the meantime, the TTC is using radio backup to speak with its staff.

READ MORE: TTC investigating ransomware attack that compromised multiple servers

“We think we've managed to sort of isolate things and stabilize our network…We've got sort of a hierarchy of things that we need to get back online first. The first of which would be our Vision System that allows full communication with our operators in the field,” Green said.

As for the TTC’s Wheel-Trans online booking portal, Green said customers who pre-booked a ride will still get service, and customers who want service can make a request by calling the TTC.

Other services disrupted include the ‘Next Vehicle Information System’ on platform screens, the TTC website and the TTC’s internal email service.

“So if you're trying to use one of the apps on your phone, and you're waiting at a bus stop you will not see the next vehicle arriving or you may see something but it won’t be accurate, as well as the internal emails that are down so we have no network service,” Green said.

The TTC said that there were no major service interruptions caused by the attack and that there is no risk to employee or customer safety.

Green, however, said it is unknown if any employee or customer information has been compromised.

The transit agency has called in law enforcement and cybersecurity experts, including the City of Toronto’s IT department, to fix the issue and determine the cause of the attack.

Green said the TTC identified the attack early and is updating its system to prevent these attacks from happening again.

“We obviously have done everything we possibly could and humanly could. You know, we identified the threat early. But as anyone who has been a victim of these things knows, and many large organizations have been victims of these things, they move very, very quickly. We are in the process of upgrading our systems.”

There is no timeline yet for when services will be up and running.

“It's really just a matter of time. We'll continue to advise customers through our social media channels when we have any updates. It’s going be inconvenient for customers, unfortunately, and, of course, we have to apologize for that.”

The TTC cancelled its planned subway closure on Saturday between St. Clair and College stations to focus on addressing the attack.

With files from CP24's Bryann Aguilar Top Stories

Stay Connected