TORONTO – Ontario transit agency Metrolinx says it was the target of a cyberattack that originated in North Korea, but no personal information was compromised and systems that operate its trains and buses were not affected.
Spokeswoman Anne Marie Aikins said Tuesday that the cyberattack happened recently, but would not give a date or what specifically was targeted because of security concerns. “The incident is over, but the investigation of it and the action that we take continues to ensure we continue to protect all of our systems,” she said.
Metrolinx is a Crown corporation that manages transportation services for the Toronto and Hamilton area.
North Korea has been implicated in recent hacks, including the WannaCry ransomware attack that infected hundreds of thousands of computers worldwide and crippled parts of Britain’s National Health Service in May.
U.S. Homeland security adviser Tom Bossert wrote in a Wall Street Journal op-ed last month that North Korea was “directly responsible” for the WannaCry ransomware attack and that Pyongyang would be held accountable for it.
Bossert said the U.S. administration’s finding of responsibility is based on evidence and confirmed by other governments and private companies, including the U.K. and Microsoft.
American officials have also said that North Korea is responsible for the Sony cyberattack in 2014 that dumped personal information of tens of thousands of current and former workers online.
North Korea has denied involvement in both cases.