Australian cab service 13cabs reveals a significant customer data breach

Australian cab services provider 13cabs said it experienced a serious cyber security incident that compromised the sensitive personal information of its customers and the users of the Silver Service app. 

 

With a fleet of over 10,000 vehicles, 13cabs operates in Sydney, Melbourne, Adelaide, Brisbane, Perth and Newcastle. Its premium section, Silver Service, is one of Australia’s largest premium taxi service entities.

 

In a data security incident notice published on its website, 13cabs said that On 14 March, it became aware that some of its 13cabs and Silver Service app user accounts were potentially compromised as a result of an unauthorised network infiltration. 

 

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. 

 

“It is likely the unauthorised activity was undertaken using data sourced from the dark web,” 13cabs said. “Despite measures, it was discovered that the affected accounts had increased to circa 1.1% of all our accounts.”

 

While its investigation is still ongoing, 13cabs has carried out a forced reset of all affected accounts’ passwords. The company added that its preliminary investigation has confirmed that the threat actor accessed its customers’ sensitive personal information, including their usernames, phone numbers, addresses and Taxi Subsidy Scheme details.

 

13cabs added that no credit card or bank account information was accessed during the incident. “13cabs is still working with technical and legal experts to ensure it fully understands the scope of the Unauthorised Activity including any containment measures to help customers mitigate any potential damage resulting from the Unauthorised Activity. 

 

“13cabs has also notified the Office of the Australian Information Commissioner (OAIC) and will notify law enforcement agencies. When our investigation is complete, we will provide an update if any of this information changes,” the taxi provider added.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on 13cabs. The company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.