Ransomware strikes Toronto transit system, disrupting some services

The attack on the Toronto Transit Commission follows another on the Ann Arbor Transportation Authority last week.
TORONTO, ON - APRIL 01, 2020: A man is seen wearing a mask in the subway during morning commuting hours. (Photo by Cole Burston/Getty Images)

A ransomware attack on Toronto’s transit agency knocked some systems offline over the weekend, an incident that occurred days after another hack disrupted a Michigan transportation agency.

The Toronto Transit Commission said it first discovered the attack on Friday, after seeing “some unusual network activity” the day before. The intrusion initially appeared to have little impact, but the damage escalated “when hackers broadened their strike on network servers,” according to a statement to Canadian media outlets.

Online services for communicating with vehicle operators, information platform screens, trip-planning apps, the commission’s website, an online booking portal and internal email messaging were among the affected systems.

The Ann Arbor Area Transportation Authority — alternately known as TheRide — also said it was the victim of a security incident that disrupted its bus information systems. Neither the Toronto nor Ann Arbor attacks appeared to affect transportation services significantly. There is no indication the hacks are related.


“As soon as we became aware of the situation, our team immediately began taking action,” said Matt Carpenter, CEO of TheRide. “We shut down many of our systems, including our real-time bus information and in-office assistance while we assessed the situation.”

Cyberattacks on rail transport are a recent point of emphasis in the U.S. The Department of Homeland Security last month announced forthcoming requirements that air and rail transporters would have to report hacks to the Transportation Security Administration, select a point person for discussing attacks with the government and develop a recovery plan.

The Toronto and Ann Arbor disruptions are only the most recent intrusions affecting transit services. In July, hackers apparently tied to China hit New York’s Metropolitan Transportation Authority, although they didn’t seem to have destructive or financial intent.

Last last year, another Canadian transit agency suffered a ransomware attack. In 2016, San Francisco’s Muni system dealt with a $70,000 demand from digital extortionists.

The Toronto Transit Commission did not immediately respond to calls and emails seeking an update Monday.

Latest Podcasts