The following statement was received from TransLink CEO Kevin Desmond at 4:59 p.m. today (December 3):
“We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure. This attack included communications to TransLink through a printed message.
TransLink employs a number of tools to prevent, identify and mitigate these types of attacks. Upon detection, we took immediate steps to isolate and shut-down key IT assets and systems in order to contain the threat and reduce the impact on our operations and infrastructure. We are now working to resume normal operations as quickly and safely as possible.
We will be conducting a comprehensive forensic investigation to determine how the incident occurred, and what information may have been affected as a result. We want to assure our customers that TransLink does not store fare payment data. We use a secure third-party payment processor for all fare transactions, and we do not have access to that type of data.
Customers can once again use credit cards and debit cards at Compass vending machines and Tap to Pay fare gates. Customers who recently purchased monthly passes or stored value will soon see the credit loaded onto their Compass Card. All transit services continue to operate regularly, and no transit safety systems are affected.
We are sharing as much as we can at this point considering that this is an active investigation. We feel it is important to keep our customers and employees as informed as possible in the circumstances. We are also sharing this update in order to alert other organizations about the dangers of this ransomware attack.
We apologize to our customers for this inconvenience and appreciate their ongoing patience. We will provide further updates as more information becomes available.”