Metrolinx confirmed that a cyberattack traced to a North Korean source breached a firewall but affected a system not tied to customer data, employee data, or safety systems. The transit agency said its joint security operation with the province detected and responded to the intrusion quickly, and that the attack appeared to be routed through Russia. The article places the incident in the context of North Korea’s demonstrated cyber capability, including public attribution for WannaCry and the Sony Pictures hack, while noting that motives such as probing transit agencies were conjecture. The case matters because it shows a Canadian public transit operator treating North Korean-origin activity as a real network intrusion even without evidence of data compromise.