Cyberattack on TransLink plays havoc with payroll
Transit employees across Metro have been forced to take advances in lieu of paycheques since TransLink was hit by a ransomware attack earlier this year.
The payroll workaround is intended to give the company time to safely restore its compromised computer systems, but it will have left some employees short, said Balbir Mann, head of Unifor Local 111.
“It's frustrating and hard for our membership,” Mann said of the payroll problems.
“But (TransLink has) been telling us they're doing everything possible that they can. Payroll is the No. 1 unresolved issue out there. Once the system goes up, the first thing is payroll.”
A memo sent last week from Unifor to affected members stated that it “will take some time” to get the systems back online. The memo
states that payroll is a priority service, but restoring it is being done carefully to make sure the systems are clear of malware.
Because of the outage, transit workers received pay advances through December rather than a normal paycheque. Employees aren't seeing formal deductions like pension, taxes or union dues from their advances, but rather, having cash withheld to cover those costs once the payroll system is restored.
One consequence of the workaround is that overtime isn't being paid out right now. But employees can request $500 bumps in their advance pay to account for expected shortfalls.
“Is it going to be 100 per cent accurate? No. But they're giving us assurance that they're willing to help out anybody who requests (it),” Mann said.
Asked whether he believed TransLink was prepared for the attack, Mann said he did. He guessed it could still be a few weeks before the payroll system was back online.
Dominic Vogel, a cybersecurity expert and founder and chief strategist of Vancouver-based firm CyberSC, said it isn't necessarily a poor reflection of a company's technical capabilities when it's hit by a successful ransomware attack. And he said it can be a very substantial task for a company and its IT team to repair the damage done in an attack.
“I guarantee they have been working tirelessly, even throughout the holidays to try and recover this,” he said.
Earlier this month in a news release, TransLink CEO Kevin Desmond confirmed the transit authority had been attacked.
“Upon detection, we took immediate steps to isolate and shut down key IT assets and systems in order to contain the threat and reduce the impact on our operations and infrastructure,” he said.
Desmond said TransLink planned to do a “comprehensive forensic investigation” to find out how the ransomware attack happened and what information might have been accessed. But, he said, TransLink uses a third-party
payment processor for fare transactions and it doesn't store fare payment data.
Ben Murphy, a TransLink spokesman, said the advance pay workaround has resulted in employees receiving the same as their regular pay, or close to it. Deductions and any discrepancies will be reconciled in future, he said.
Murphy said TransLink is still investigating the attack.
Earlier this year, Simon Fraser University was hit with a ransom
ware attack and those associated with the university were advised to change their IDs and passwords. The information exposed during the breach included student and employee numbers, names, birth dates, course enrolment, external emails, data forms and encrypted passwords.
Last year, LifeLabs was hit by a cyberattack, then paid a ransom to secure data that had been accessed. Michael McEvoy, the province's information and privacy
commissioner, said after a joint investigation into the matter that LifeLabs exposed British Columbians and millions of other Canadians to potential identity theft, financial loss and reputational harm.
He said the investigation reinforced the need for legislative changes that allow regulators to impose financial penalties on companies that violate people's privacy rights.