Cyber Incident Victim: Metrolinx
Date: Jan 2018
Location: Canada
Summary
A cyberattack originating from North Korea targeted a Canadian provincial transit agency; no personal information was compromised, and critical operational systems controlling trains and buses remained unaffected. The incident concluded prior to public disclosure, but investigations and protective measures continued in order to strengthen system security. The attack was linked to broader North Korean cyber activities, including the WannaCry ransomware campaign and the Sony Pictures breach, though the agency did not specify the attack's exact nature or timing due to security concerns.
Description
In January 2018, Ontario transit agency Metrolinx publicly disclosed it had been targeted by a cyberattack originating from North Korea. The Crown corporation, responsible for managing transportation services across the Toronto and Hamilton regions, confirmed the incident had recently occurred but withheld specific dates and the systems targeted, citing security protocols. Spokesperson Anne Marie Aikins emphasized that no personal information was compromised during the breach and assured the public that critical operational systems controlling trains and buses remained unaffected. While declaring that the active phase of the attack had concluded, Aikins stated that investigations and protective measures were ongoing to safeguard infrastructure. The announcement came amid heightened global scrutiny of North Korean cyber activities, though Metrolinx provided no technical details regarding attack vectors, intrusion methods, or data access attempts.

The incident occurred against a backdrop of North Korea's alleged involvement in major cyber campaigns, including the May 2017 WannaCry ransomware outbreak that disrupted Britain's National Health Service and affected hundreds of thousands of computers worldwide. U.S. Homeland Security Advisor Tom Bossert had publicly attributed WannaCry to North Korea weeks before the Metrolinx disclosure, citing corroborated evidence from allied governments and private firms like Microsoft. North Korea also faced U.S. accusations for the 2014 Sony Pictures hack that leaked employees' personal data, though it denied involvement in both incidents. Metrolinx did not specify whether technical links existed between its breach and these prior campaigns, nor did it identify operational disruptions or financial impacts beyond confirming defensive investigations continued post-incident.
