Home / 3,000 customers at risk of data breach as Luas website hacked

More than 3,000 Luas users may have had their information compromised after the company’s website was hit by a cyber-attack.

As the investigation into the “professional attack” continues, the tram operator identified 3,226 people who signed up to the Luas newsletter as potential victims of the breach.

However, they say no financial information has been compromised.

Transdev has since taken its site offline, after a message appeared on its homepage yesterday morning demanding one Bitcoin, which is worth around €3,382.

A spokesperson for the operator said it would write to the affected people within 24 hours informing them of the potential breach.

The company has also contacted the Data Protection Commissioner.

“As the investigation is ongoing, there is currently no estimation as to the full damage done to the site,” a spokesperson said.

“A date/time for a full restoration of the site cannot be ascertained. Luas technicians are working on a temporary site for customer information which will be up and running ASAP.

“Luas is operating in accordance with early detection and timely countermeasures to mitigate the impact.

“We would like to apologise for any inconvenience caused to our customers as a result of this cyber-attack.”

The hacker has threatened to publish “all data” if the ransom is not paid in five days.

A message on the website yesterday morning read: “You are hacked… some time ago i wrote that you have serious security holes… you didn’t reply… the next time someone talks to you, press the reply button… you must pay 1 bitcoin in 5 days… otherwise I will publish all data and send emails to your users.”

James Canty, a cyber-security expert with communications firm Magnet Networks, said it seemed the hacker was out to prove a point, rather than seeking financial gain.

“It looks to me like this individual wanted to show the company how easy it was to bypass their security system and gain access to their website,” he said.

“However, the first thing I would strongly recommend Luas to do is to thoroughly examine all of its IT systems.

“It’s possible that the hacker can jump from one server to the next and gain entry to some very sensitive data.”