Vancouver Public Transportation Agency ‘TransLink’ Hit by Ransomware

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

‘TransLink’ has confirmed a ransomware attack via an official statement by its CEO, as the disruption in the operations of Vancouver’s public transportation agency is now evident. The attack happened on Tuesday this week, and people immediately had trouble using their Compass metro cards and buying tickets on the agency’s kiosks.

At first, ‘TransLink’ told the public that this was just a temporary technical issue, either because they didn’t want to admit the cybersecurity incident or because they failed to realize the nature of the problem.

Whatever the case, they have confirmed the event now, and they were obliged to clarify a couple of things as a result. First, the agency claims that no customer details or payment data have been compromised or accessed by hackers. Secondly, customers are assured that they can safely use their credit and debit cards at the Compass vending machines again without fearing data loss. And thirdly, ‘TransLink’ has clarified that while not all systems are up and running yet (like the bus GPS), those having to do with transit safety and core operational services are unaffected.

But according to the local media outlet “News1130,” the part that rules out the possibility of the hackers having stolen data from the agency’s network is not entirely truthful. Moreover, a document that is allegedly the ransom note that is being spewed by the printers of the agency has appeared on Twitter today.

The letter indicates that the actors are those of the “Egregor” gang, giving TransLink three days to pay “hundreds of millions of unwanted dollars.” Failing to do so would result in the publication of the private data that the hackers downloaded as part of the attack. No mention of what this data constitutes is to be found in the letter, though, so hopefully, it doesn’t include people’s card details.

TransLink told the press that since there’s an active investigation involving the law enforcement authorities in Canada, they prefer to limit their comments at this time. While this is understandable, making vague reassuring claims about the payment kiosks’ safety so soon after such a catastrophic incident should be avoided.

Instead, TransLink should have reverted to more inconvenient but secure payment methods for a while. Or even better, give tickets free of charge until their systems are fully secured.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: