Attackers defaced the website of the Luas, the home page displayed a message demanding the payment of 1 bitcoin. The hackers asked the payment within 5 days threatening to “publish all data and send emails to users” if the demand is not satisfied.
“Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button,” reads the message left by the attackers on the website.
Luas initially warned customers of the hack and invited them to avoid accessing the website “due to an ongoing issue,” the organization later confirmed that the website was compromised.
At the time of writing, the website of the Luas is still offline. the analysis of the bitcoin address provided by the attackers confirmed that
It is not clear if the hackers have stolen data, Luas only collect some specific customers’ data, including name, mobile phone number, and email address.
The compromised site doesn’t contain financial data because customers buy tickets on a different website (payments[.]luas.ie) that was not affected by the hack.
In 2016, another public transport system was hacked,
(SecurityAffairs – defacement, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.