Share this article on:
Powered by MOMENTUMMEDIA
Breaking news and updates daily.
Major Australian cab service 13cabs has published a notice detailing a potential cyber attack after it discovered unauthorised activity on its network.
13cabs, which also runs the Silver Service taxi service, is Australia’s largest taxi company.
On 28 March, the company posted a public statement on its site, revealing that earlier in the month, it had detected that some of its user accounts for 13cabs and Silver Service were “potentially compromised” through “a sophisticated unauthorised type of suspicious activity”.
Despite forced account resets, the number of affected accounts increased to roughly 1.1 per cent of all accounts. While Cyber Daily is unable to determine how many 13cabs accounts exist, over 1 million people have downloaded the app, representing a significant portion of the Australian population.
“13cabs immediately forced a reset of all additional affected accounts. External cyber security specialists have also been engaged to actively conduct thorough investigation and to ensure that our customer accounts are secured,” said 13cabs.
While not much is known and investigations are underway, 13cabs has said that potentially accessed data includes usernames (some of which include real names), addresses, phone numbers, and, for some, eligibility for the Taxi Subsidy Scheme.
However, the company confirmed that no credit card or bank account data was exfiltrated.
“13cabs is still working with technical and legal experts to ensure it fully understands the scope of the unauthorised activity, including any containment measures to help customers mitigate any potential damage resulting from the unauthorised activity,” added the company.
“13cabs has also notified the Office of the Australian Information Commissioner (OAIC) and will notify law enforcement agencies. When our investigation is complete, we will provide an update if any of this information changes.”
At the time of writing, Cyber Daily has not observed any threat actors claiming responsibility for the incident, nor has it been able to identify the details of the unauthorised access.
“We have notified the affected users via SMS and email, and as noted above, we have reset the passwords of every affected user,” 13cabs said.
“Our technical experts are working with us to identify accounts that were used to facilitate unauthorised access via the app. We will be contacting every user we identify as having been used and providing a full refund if there was any such unauthorised access.”
Be the first to hear the latest developments in the cyber industry.