[Ireland] Data breach exposes personal information of 287,000 taxi passengers

18 Apr 2024

The Irish taxi software firm iCabbi has suffered a data breach that potentially impacted almost 300,000 taxi passengers in Ireland and the UK, Irish Independent reports.

iCabbi described the origin of the breach as “human error”.

The names, email addresses and phone numbers of 287,000 customers based in Ireland and the UK - including those of senior BBC directors, journalists and executives, British government officials and an ambassador to an EU country - were exposed by the blunder.

VPNMentor’s Jeremiah Fowler - the security researcher who discovered the data breach - said an exposed database with almost 23,000 records and documents containing personal information was not password-protected.

When Mr Fowler contacted iCabbi about the breach, an executive reportedly attributed it to “human error” during the migration of a customer database and said that the company would contact customers to make them aware of the issue.

A spokesperson for iCabbi acknowledged the breach in a statement to the Irish Independent and said that the company “took appropriate action and contacted the affected taxi companies”. They didn’t comment on whether any of the affected individuals or companies suffered any loss.

Mr Fowler said, “It is a wake-up call for users to be aware of phishing attempts or suspicious emails from taxi providers.

“Another potential risk would be criminals having access to the contact information and private phone numbers of public officials or those working in the media.”

iCabbi is a software platform for taxi companies providing dispatch, contact and payment systems. In 2022, it claimed to be the largest dispatch technology provider in the world, supplying approximately 100,000 taxis every day in Ireland, the UK, the US, Canada, New Zealand, Australia and Finland.

On VPNMentor’s website, Mr Fowler categorised iCabbi’s response and reaction to his disclosure as “transparency”, adding that “iCabbi acted fast and professionally to secure the data upon receiving my responsible disclosure notice”.

He did, however, reportedly state that potential risks of exposed user data include the possibility of criminal exploitation.

“When criminals know the specific services that customers use as well as their contact details, they have sufficient information to engage in targeted phishing campaigns,” Mr Fowler said.

“In this case, for example, I was able to search for specific domain names such as ‘.gov.uk’ and identify individuals who work at local, regional and national government agencies. These individuals could potentially be higher-value targets compared to the average passenger, depending on the motives behind the hypothetical attack.

“Hypothetically, the most common tactic would be criminals sending mass emails to users under the false pretences that the email is an official communication from a legitimate taxi service using iCabbi’s technology. Cybercriminals could potentially target these individuals to get them to reveal additional personal information, financial or credit card details, passwords, and more.”

An Irish Data Protection Commission spokesperson told the Irish Independent it was “aware of the issue and is engaging with iCabbi on the matter”.


Source: Irish Independent

(Quotes via original reporting)
