Skip to content
  1. Home
  2. BC News

Metro Vancouver Transit Police files hacked in raid linked to Russian extortion gang

NEW WESTMINSTER, B.C. — Metro Vancouver Transit Police say the agency was targeted by hackers who accessed almost 200 of its files as part of a global wave of attacks that U.S. officials have blamed on a Russian cyber-extortion gang.
Canadian Press
20230619200612-6490ef4c5267eaad3aa49048jpeg
Jen Easterly, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, speaks on Feb. 16, 2023, in Washington. Metro Vancouver Transit Police say the agency was targeted by hackers who accessed almost 200 of its files, as part of a global wave of attacks that U.S. officials have blamed on a Russian cyber-extortion gang. THE CANADIAN PRESS/AP-Patrick Semansky

NEW WESTMINSTER, B.C. — Metro Vancouver Transit Police say the agency was targeted by hackers who accessed almost 200 of its files as part of a global wave of attacks that U.S. officials have blamed on a Russian cyber-extortion gang.

The police service says in a news release that a thorough review is underway to determine what information was contained in the 186 files that were accessed in the attack on a third-party file transfer system called MOVEit.

It says the hackers did not gain access to the Transit Police network, and the software vulnerability has been patched and repaired.

The agency says it's not expected the incident will have any impact on investigations or prosecutions.

It says an investigation is being conducted by the RCMP's cybercrime investigative teams in Montreal and Vancouver.

MOVEit, which is widely used by businesses and government agencies to share files, was hit recently by an extortion syndicate that last week gave its victims a deadline to negotiate a ransom or risk having sensitive data dumped online. 

The Cl0p gang, among the world’s most prolific cybercrime syndicates, also claimed it would delete any data stolen from governments, cities and police departments.

Other known victims include the Nova Scotia provincial government, Louisiana’s Office of Motor Vehicles, Oregon's Department of Transportation, British Airways, the British Broadcasting Company and the British drugstore chain Boots.

The parent company of MOVIEit's U.S. maker, Progress Software, alerted customers to the breach on May 31 and issued a patch. But cybersecurity researchers say scores if not hundreds of companies could by then have had sensitive data quietly taken.

Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, told reporters last week that the Cl0p campaign was short, relatively superficial and caught quickly.

A senior official in the security agency said the U.S. has "no evidence to suggest co-ordination between Cl0p and the Russian government."

— With files from The Associated Press.

This report by The Canadian Press was first published June 19, 2023.

The Canadian Press