You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
lawyers weekly logo

Powered by MOMENTUMMEDIA

Breaking news and updates daily. Subscribe to our Newsletter
Advertisement

13cabs may have suffered a major data breach

Major Australian cab service 13cabs has published a notice detailing a potential cyber attack after it discovered unauthorised activity on its network.

13cabs may have suffered a major data breach
expand image

13cabs, which also runs the Silver Service taxi service, is Australia’s largest taxi company.

On 28 March, the company posted a public statement on its site, revealing that earlier in the month, it had detected that some of its user accounts for 13cabs and Silver Service were “potentially compromised” through “a sophisticated unauthorised type of suspicious activity”.

Despite forced account resets, the number of affected accounts increased to roughly 1.1 per cent of all accounts. While Cyber Daily is unable to determine how many 13cabs accounts exist, over 1 million people have downloaded the app, representing a significant portion of the Australian population.

“13cabs immediately forced a reset of all additional affected accounts. External cyber security specialists have also been engaged to actively conduct thorough investigation and to ensure that our customer accounts are secured,” said 13cabs.

While not much is known and investigations are underway, 13cabs has said that potentially accessed data includes usernames (some of which include real names), addresses, phone numbers, and, for some, eligibility for the Taxi Subsidy Scheme.

However, the company confirmed that no credit card or bank account data was exfiltrated.

“13cabs is still working with technical and legal experts to ensure it fully understands the scope of the unauthorised activity, including any containment measures to help customers mitigate any potential damage resulting from the unauthorised activity,” added the company.

“13cabs has also notified the Office of the Australian Information Commissioner (OAIC) and will notify law enforcement agencies. When our investigation is complete, we will provide an update if any of this information changes.”

At the time of writing, Cyber Daily has not observed any threat actors claiming responsibility for the incident, nor has it been able to identify the details of the unauthorised access.

“We have notified the affected users via SMS and email, and as noted above, we have reset the passwords of every affected user,” 13cabs said.

“Our technical experts are working with us to identify accounts that were used to facilitate unauthorised access via the app. We will be contacting every user we identify as having been used and providing a full refund if there was any such unauthorised access.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
You need to be a member to post comments. Become a member for free today!

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.