Message from the Executives

Statement from TTC CEO Rick Leary on cyber security incident

As we announced on Friday, October 29, the TTC was recently the victim of a sophisticated cyber security incident that impacted a number of internal and customer-facing functions.


Today I am providing an update on that incident.


Let me remind everyone that protecting the health and safety of our customers and employees is our top concern and this incident did not compromise that.


As I’m sure everyone can appreciate, these incidents are intricate in nature and require complex solutions.


Over the past week, we have been working day and night to resolve this situation – to get our lost services back online and to gain a clearer understanding as to the breadth of the incident.


The incident resulted in a number of the TTC’s servers being encrypted and locked, resulting in the loss of our VISION system, vehicle arrival information, and online Wheel-Trans booking systems, as well as external network connectivity, including e-mail.


Based on what we know at this point, the culprits were able to gain access to TTC files that may contain personal information of approximately 25,000 employees, past and present. We continue to investigate whether any customer or vendor information was compromised.


There’s no evidence at this time that any of this information has been misused.


Again, while we do not have evidence that any of this information has been misused, we are taking steps to ensure those who may be impacted are protected from things like identity theft. We are doing this by offering three years of credit protection through TransUnion.


This is being done both out of an abundance of caution and because it’s the right thing to do. In the coming days we will be reaching out to these potentially affected individuals to advise them of next steps.


What we know about the threat actors in this case is that they belong to an extremely well-organized enterprise.


On behalf of the entire organization, I want to express my deep regret that this has occurred to everyone who may be impacted.


It is not lost on me that organizations like ours are entrusted with significant amounts of personal information and it is essential that we do our best to protect it.


The fact that in the past year there have been nearly 700 similar cyber security incidents involving public and private sector organizations in Canada is indicative of just how pervasive they really are.


I want everyone to be assured the TTC continues to follow best practices in securing our IT infrastructure.


I believe it is also important for the reputation of the TTC to be honest and open with our employees, customers and stakeholders. That’s why we continue to share what we know and how we have responded to this incident as soon as we are able.


As I told our Board last week, we are fully committed to learning from this incident.


Additionally, we are in the process of notifying everyone we believe may have been impacted, including employees, former employees and pensioners about how they can participate in the program to protect their identity.


Over the coming weeks we will continue rebuilding the remaining impacted servers and internal services, like re-establishing external e-mail capabilities. But in truth, and based on the experiences of other organizations, this could take some time.


These are certainly challenging times for this organization as we work tirelessly to restore all functions to their previous state. But I am fortunate to be surrounded by 16,000 talented employees who I know will get us there as quickly as possible.


I again want to thank all of our employees for their dedication and hard work, and our customers for their patience and understanding.

For more information about the cyber security incident, please visit: cyber security update or

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.