In a late afternoon press release, the City of Ottawa is notifying everyone who subscribes to the OC Transpo My Alerts system that their email address and their password to the system may have been compromised.
No financial or credit card information was affected.
The OC Transpo My Alerts system allows customers to subscribe for email or text message notifications about changes to transit service. There is no impact to the City of Ottawa payment system, the OC Transpo network or the Presto Card system. None of these networks are linked to the OC Transpo Alerts system.
The City is urging all subscribers who use the same password for multiple accounts to change their passwords. Since the passwords for the OC Transpo My Alerts system have been compromised, other private accounts that use the same password could be at risk. The Canadian Centre for Cyber Security advises against using the same password for multiple accounts.
The OC Transpo My Alerts log-in system has been temporarily closed. New registrations are not possible at this time. Subscribers who have any questions should contact the OC Transpo Customer Service Centre at 613-741-4390.
Residents who have signed up for My Alerts will continue to receive them. OC Transpo’s other communication channels remain in operation. Customers can follow @octranspolive or @oc_transpo for real-time information, or check OCTranspo.com for the latest information on service and upcoming changes.
The safety and security of all customers is our top priority. The City is investigating to determine how and when this information was accessed and have retained the services of a third-party expert in cyber security to re-examine the system and ensure the vulnerability that caused this issue is resolved.
The City says, “We would like to apologize to all subscribers of the OC Transpo My Alerts system for this security incident. The City is committed to protecting the privacy of all customers including offering a highly secure alert system”.