Cyber Incident Victim: Davincys

On August 10, 2022, the Société de transport de Sherbrooke (STS) publicly disclosed that Davincys, one of its IT service providers, had suffered a cyberattack disrupting Sherbrooke’s adapted transport services. The attack rendered online booking systems inoperable, forcing passengers requiring wheelchair-accessible or specialized transportation to make reservations by phone instead. STS confirmed the attack exclusively impacted adapted transport operations, with regular urban bus services remaining fully functional. Immediate operational restrictions were implemented, limiting adapted transport to essential trips only—defined as medical appointments, work commutes, and emergencies—until systems could be restored. STS emphasized rapid response efforts were underway with Davincys and cybersecurity experts to contain the incident and restore services, though no timeline for resolution was provided.

The cyberattack’s impact extended beyond Sherbrooke, affecting Davincys’ other municipal transportation clients in Lévis, Trois-Rivières, Saguenay, and Outaouais, all of which experienced similar service interruptions for adapted transport. STS instructed new customers needing La vermeilleuse smart cards or card reprints to contact customer service via a designated phone extension. While the organization assured the public that immediate containment measures had been deployed to limit operational damage, the prolonged outage necessitated sustained manual booking processes. No data breach or ransomware specifics were disclosed, with public communications focusing solely on service availability and contingency procedures. Recovery efforts remained ongoing at the time of reporting, with no additional technical details about the attack’s origin or methodology revealed.