Dublin’s tram service website taken offline after being held to ransom

Luas, Dublin’s tram service, has taken its website offline after a criminal hacker hijacked the site and left a ransom demand.

The crook claims to have breached Luas’s systems and has threatened to publish its customers’ data if the organisation doesn’t pay 1 bitcoin (about €3,375) in the next five days.

Luas hasn’t confirmed any details at the time of writing (including whether it’s been hacked). However, it quickly took its website offline and released the following statement on Twitter:

What damage has been done?

Luas’s operations won’t be significantly affected by taking its website offline. The site is mostly used to provide maps, route information and advice on parking. The tram service itself hasn’t been affected by the attack.

But that’s a small consolation when you factor in the ramifications of the data breach. It’s not yet known whether the criminal hacker actually has access to customers’ information, but the public embarrassment of the incident means many people have already made up their minds.

Besides, even if the information wasn’t breached, customers can hardly be confident in the overall state of Luas’s information security.

In all likelihood, Luas will be required to notify Ireland’s Data Protection Commission of the breach in order to comply with the GDPR (General Data Protection Regulation), and could face disciplinary action, including a sizable fine.

Commenting on the incident, IT Governance Director Steve Watkins said: “While we do not yet have the full details of how the ransom attack succeeded, this is a clear reminder that every organisation should ensure its users know how and when to report information security events, and to have arrangements in place to manage those reports in a timely manner.”

Sign up for The Daily Sentinel for all the latest cyber security news and advice.

No Responses

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.