Skip to content
Photo of streetcar

Toronto Transit Commission (TTC) is a public transit agency that provides an average of 1.1 million rides per day on its transit system. Pre-pandemic there were 1.7 million average daily rides. It is the largest public transit system in Canada and the third largest in North America.

Canadian Cyber Centre in its ‘National Threat Assessment 2023-2024’ has identified the transportation sector as a critical infrastructure sector that is increasingly at risk from cyber threat activity.

According to the Canadian Cyber Centre National Cyber Threat Assessment:

“Critical infrastructure is still a prime target for both cybercriminals and state-sponsored actors alike.”

“…Ransomware is a persistent threat to Canadian organizations… Critical infrastructure is increasingly at risk from cyber threat activity…” and “Cybercriminals deploying ransomware… will continue to adapt their methods to maximize profits…”

Information technology plays a vital role in all aspects of TTC operations. In 2021, TTC became a victim of a ransomware cyber-attack. Cyber attackers affected several computer systems and critical services, including the VISION system that is used to communicate with vehicle operators, online Wheel Transit bookings, and TTC’s internal email service.

Cyber-attacks on Public Transit Systems in North America

According to the Washington Post article published on May 19, 2023, a former contractor for the Washington Metropolitan Area Transit Authority (WMATA) managed to log in and access critical and sensitive WMATA systems from overseas, despite the termination of this individual’s contract.

The article also cited other cybersecurity incidents on transit systems, such as:

  • A ransomware gang said this year that it exposed stolen data from San Francisco’s Bay Area Rapid Transit.
  • Two years ago, hackers hit both New York’s Metropolitan Transit Authority and the Toronto Transit Commission.
  • In 2020, ransomware struck Vancouver’s TransLink, leading to the disabling of its payment systems. That caused issues for some riders. The hackers also accessed employees’ sensitive personal information, and TransLink lost its communications systems.
  • Also in 2020, hackers hit the Southeastern Pennsylvania Transportation Authority with a ransomware attack.

Cyber attacks continue to occur on public sector organizations. More recently, Toronto Public Library became victim of a cybersecurity attack. CityNews Toronto in its November 2, 2023 newscast reported the following:

The Toronto Public Library (TPL) continues to deal with a cybersecurity incident that came to its attention last weekend.

The TPL website remains down, and online services such as “Your account,” digital collections, computers and printers at branches are out of service.

The Auditor General has been proactive in her audits of cybersecurity and has completed several vulnerability assessments and penetration testing of critical systems at the City, and its agencies and corporations. In March 2022, the Auditor General completed the phase 1 audit on critical IT assets and processes used to manage IT system users at TTC. The public report is available at:

Toronto Transit Commission Cybersecurity Audit Phase 1: Critical IT Assets and User Access Management

This Phase 2 report includes the results of our cybersecurity audit of TTC’s IT network, systems and applications. The report contains three administrative recommendations and nine confidential recommendations. The confidential findings and recommendations are contained in Confidential Attachment 1 to this report. The Auditor General will re-test cybersecurity controls after management has implemented the recommendations.

This report contains three administrative recommendations. The confidential findings and recommendations from our audit are contained in Confidential Attachment 1.

Confidential Attachment 1 to this report involves the security of the property of the City of Toronto or one of its agencies and corporations.