Dublin-based tram service provider, Luas, confirmed through social media that its website was hacked Thursday morning. After a malicious message demanding a payment of one Bitcoin was posted to the site, the company issued a tweet asking users to refrain from clicking on the website.
It appears as though the attacker has compromised the website as a sort of punishment for Luas not having addressed security issues the malicious actor had previously reported to the company.
“The website has been taken down by the IT company who manage it and their technicians are working on it. Luas are informed this may take the day to resolve. We will update customers via Facebook, Twitter @Luas, AA Roadwatch and the media should there be any change to Luas services today. Customers can also contact Luas Customer Care on LoCall 1850 300 604 and info@luas.ie. We apologise to all Luas customers for the inconvenience,” Luas wrote on its Facebook page.
A Luas spokesperson reportedly described the website as relatively static, which means that it does not interact with other sites that hold more sensitive customer information. In commenting on the potential risks due to the hack, BH Consulting CEO Brian Honan explained: “Depends on the actual impact but if it is a static site (as claimed in a statement by a spokesperson for Luas) then this is nothing more than an impact on the brand and reputation of the site.”
There are no reports that service has been impacted, and Luas said it will continue to keep customers updated via Twitter and Facebook as is necessary.
Infosecurity contacted Luas, which responded in an email stating: "There is currently a meeting taking place within our communications department to discuss the events that occurred today with the Luas website. Once the meeting has commenced, we will be releasing a press release shortly after 16:30. Please be on the lookout for this on our Twitter as well as our Facebook."