TTC provides update on cyber security incident

Today, the TTC is providing an update on the cyber security incident that it became aware of on October 29, 2021. The TTC is working through this incident, public-facing systems are now mainly restored and the investigation continues.


Upon learning about this incident, the TTC promptly began an investigation. Based on the investigation so far, it now appears that personal information of some TTC employees, former employees and pensioners may have been stolen.


This information may include the names, addresses and Social Insurance Numbers of up to 25,000 TTC employees, past and present. The TTC continues to investigate whether a small number of customers and vendors may also be affected and will notify when there is further information as appropriate.


It is very important to note that, at this time, there is no evidence that any of the personal information that was accessed has been misused. This was a sophisticated incident, similar to the hundreds of incidents reported in Canada in the last year alone.


The TTC is notifying individuals who may have been affected and will be providing credit monitoring and identify theft protection to them as appropriate. As our investigation continues, we will reach out to additional individuals who may be affected by this incident to offer assistance as appropriate.


This matter is of the utmost importance to the TTC and is being treated as a top priority. The TTC apologizes for the inconvenience this is causing affected individuals.


The TTC has shared more information, including supports for employees, on its website at This website will continue to be updated as more information becomes available. Employees, former employees and pensioners can also call a dedicated employee hotline at 416-362-7547 through Employee Service Centre. The Centre is open from 7:00 a.m. to 5:00 p.m. Eastern Time Monday to Friday and you can leave a message after hours and someone will call you back.


For information on how to set up credit monitoring, employees can ask their manager or supervisor about the best way to contact TransUnion.


See below for a statement from Rick Leary, TTC CEO.


Statement from TTC CEO Rick Leary on cyber security incident


As we announced on Friday, October 29, the TTC was recently the victim of a sophisticated cyber security incident that impacted a number of internal and customer-facing functions.


Today I am providing an update on that incident.


Let me remind everyone that protecting the health and safety of our customers and employees is our top concern and this incident did not compromise that.


As I’m sure everyone can appreciate, these incidents are intricate in nature and require complex solutions.


Over the past week, we have been working day and night to resolve this situation – to get our lost services back online and to gain a clearer understanding as to the breadth of the incident.


The incident resulted in a number of the TTC’s servers being encrypted and locked, resulting in the loss of our VISION system, vehicle arrival information, and online Wheel-Trans booking systems, as well as external network connectivity, including e-mail.


Based on what we know at this point, the culprits were able to gain access to TTC files that may contain personal information of approximately 25,000 employees, past and present. We continue to investigate whether any customer or vendor information was compromised.


There’s no evidence at this time that any of this information has been misused.


Again, while we do not have evidence that any of this information has been misused, we are taking steps to ensure those who may be impacted are protected from things like identity theft. We are doing this by offering three years of credit protection through TransUnion.


This is being done both out of an abundance of caution and because it’s the right thing to do. In the coming days we will be reaching out to these potentially affected individuals to advise them of next steps.


What we know about the threat actors in this case is that they belong to an extremely well-organized enterprise.


On behalf of the entire organization, I want to express my deep regret that this has occurred to everyone who may be impacted.


It is not lost on me that organizations like ours are entrusted with significant amounts of personal information and it is essential that we do our best to protect it.


The fact that in the past year there have been nearly 700 similar cyber security incidents involving public and private sector organizations in Canada is indicative of just how pervasive they really are.


I want everyone to be assured the TTC continues to follow best practices in securing our IT infrastructure.


I believe it is also important for the reputation of the TTC to be honest and open with our employees, customers and stakeholders. That’s why we continue to share what we know and how we have responded to this incident as soon as we are able.


As I told our Board last week, we are fully committed to learning from this incident.


Additionally, we are in the process of notifying everyone we believe may have been impacted, including employees, former employees and pensioners about how they can participate in the program to protect their identity.


Over the coming weeks we will continue rebuilding the remaining impacted servers and internal services, like re-establishing external e-mail capabilities. But in truth, and based on the experiences of other organizations, this could take some time.


These are certainly challenging times for this organization as we work tirelessly to restore all functions to their previous state. But I am fortunate to be surrounded by 16,000 talented employees who I know will get us there as quickly as possible.


I again want to thank all of our employees for their dedication and hard work, and our customers for their patience and understanding.

For media inquiries, please contact TTC Media Relations: 416-981-1900.

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.