Luas, Dublin’s tram service, has taken its website offline after a criminal hacker hijacked the site and left a ransom demand.

The crook claims to have breached Luas’s systems and has threatened to publish its customers’ data if the organisation doesn’t pay 1 bitcoin (about €3,375) in the next five days.

Luas hasn’t confirmed any details at the time of writing (including whether it’s been hacked). However, it quickly took its website offline and released the following statement on Twitter:

Due to an ongoing issue, please do not click onto the Luas website. We currently have technicians working on the issue. We will be using this forum only for travel updates should the need arise. For any queries, please contact our customer care number on 1850 300 604. — Luas (@Luas) 3 January 2019

What damage has been done?

Luas’s operations won’t be significantly affected by taking its website offline. The site is mostly used to provide maps, route information and advice on parking. The tram service itself hasn’t been affected by the attack.

But that’s a small consolation when you factor in the ramifications of the data breach. It’s not yet known whether the criminal hacker actually has access to customers’ information, but the public embarrassment of the incident means many people have already made up their minds.

Besides, even if the information wasn’t breached, customers can hardly be confident in the overall state of Luas’s information security.

In all likelihood, Luas will be required to notify Ireland’s Data Protection Commission of the breach in order to comply with the GDPR (General Data Protection Regulation), and could face disciplinary action, including a sizable fine.

Commenting on the incident, IT Governance Director Steve Watkins said: “While we do not yet have the full details of how the ransom attack succeeded, this is a clear reminder that every organisation should ensure its users know how and when to report information security events, and to have arrangements in place to manage those reports in a timely manner.”

Sign up for The Weekly Sentinel for all the latest cyber security news and advice.