The website of the tram system in Dublin, the Luas, was hacked on Thursday, attackers claim to have the access to information stored on the organization’s systems.

Attackers defaced the website of the Luas, the home page displayed a message demanding the payment of 1 bitcoin. The hackers asked the payment within 5 days threatening to “publish all data and send emails to users” if the demand is not satisfied.

“Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button,” reads the message left by the attackers on the website.

Luas initially warned customers of the hack and invited them to avoid accessing the website “due to an ongoing issue,” the organization later confirmed that the website was compromised.

We will update customers via Twitter and Facebook, AA Road Watch and the media should there be any change to Luas services today. Customers can also contact Luas Customer on 1850 300 604 and info@luas.ie . We apologies to all Luas customers for the inconvenience. — Luas (@Luas) January 3, 2019

At the time of writing, the website of the Luas is still offline. the analysis of the bitcoin address provided by the attackers confirmed that organization did not pay the ransom.

It is not clear if the hackers have stolen data, Luas only collect some specific customers’ data, including name, mobile phone number, and email address.

The compromised site doesn’t contain financial data because customers buy tickets on a different website (payments[.]luas.ie) that was not affected by the hack.

In 2016, another public transport system was hacked, a ransomware infected the San Francisco’s transport system.

Pierluigi Paganini

(SecurityAffairs – defacement, hacking)

Share this...

Linkedin Reddit Pinterest

Share On