The union representing thousands of transit operators in Metro Vancouver says TransLink has not been transparent about a major data breach that affected workers.
Unifor says in a news release Wednesday that the transit authority has been slow to reveal information about December’s cyberattack.
The union says the company took more than two months to admit what information was stolen, including social insurance numbers and bank account details and failed to include Unifor on communications sent to affected workers this week.
It says it has no confidence that it will get answers to questions about the data breach.
Unifor president Jerry Dias says he’s urging TransLink to take a collaborative approach to problem-solving.
TransLink spokeswoman Jill Drews says affected employees began receiving personal notification letters specific to their situation and how they were affected, which were not shared with the union.
“Not every employee would have had every element of their personal information accessed from what we can see right now,” she says.
“So, what the letter does is list out the exact items that may have been accessed.”
The transit authority confirmed in December that it was the target of a ransomware attack on part of its information technology system.
Ransomware is a type of malicious software that disables part of a computer system or access to data until a ransom is paid.
Drews says the company is conducting a “thorough long-lasting forensic investigation,” adding that the cyberattack was “very sophisticated.”
“We’ll investigate and it’s going to take some time to safely bring everything up and get a complete picture of what exactly occurred.”