Car-sharing company GoGet was compromised, tens of thousands of members info leak
GoGet is the first and largest car sharing service in Australia with operations in five major cities in Australia: Sydney, Melbourne, Canberra, Brisbane, and Adelaide.
According to information posted on the official GoGet website, the car-sharing GoGet service was launched on June 6, 2003, under the name of NewtownCarShare and in May 2005 changed its name to GoGet. Currently, it has more than 90,000 registered members and more than 2,500 vehicles.
On Wednesday, GoGet warned its clients that their car reservation system was hacked last year and that personal details of members registered before July 27 last year have been compromised.
The amount of information leaked depends on the specific profile that GoGet users entered when they filled out the Member Login Form, which may include: name, home address, email address, phone number, date of birth, driver’s license details, employer, emergency contact Person’s name and phone number, and GoGet’s administrative account details.
GoGet said its IT team discovered the invasion on June 27 last year and immediately started a full-scale internal investigation. In the meantime, a report was also made to the New South Wales Police Cybercrime Group. According to the police’s advice at the time, GoGet did not choose to make the matter public.
According to an NSW Police investigation, the suspect was a 37-year-old Illawarra man and was arrested last Tuesday at his home in Penrose.
Police said he entered GoGet’s car reservation system during May-July last year and used the car for “free” service.
In addition, the police found malware on GoGet’s servers to get paid for GoGet membership card details. The malware was activated on May 25 last year and continues through July 27. This means that users who have used GoGet Vehicle Services during that time may have been the victims of payment card detail leaks.
Police in New South Wales is investigating whether malware on the GoGet server was also installed by the suspect.
Both GoGet and New South Wales police stress that there is currently no direct evidence that the suspects have already sold the stolen information or otherwise transmitted it. But for security reasons, GoGet will provide each affected user a one-year annual free credit report from credit reporting agencies Equifax, Dun & Bradstreet and Experian.
Reference: abc.net.au
