January 31, 2018

Australia’s biggest car sharing service reveals data hack seven months late

GoGet, Australia’s biggest car-sharing service, has revealed a data breach took place seven months ago, in June 2017.

Established in 2003, the company allows people to use and borrow cars without owning them. Customers pay an annual fee and can then access vehicles as an when they need them. GoGet says it has around nearly 100,000 members across Australia.

The data breach involved a suspected hacker gaining access to GoGet’s booking system. This was reportedly in order to use the company’s cars without permission or payment.

According to an email informing customers about the data breach, GoGet said the individual also accessed “personal data” belonging to GoGet members in order to book the cars. This includes names, addresses, email addresses, phone numbers, dates of birth, drivers licence details and other administrative account details.

The importance of the data accessed raises the question of why it took the company so long to report the breach. It turns out, GoGet has been working with the New South Wales (NSW) police force to catch the hacker and was advised to keep the hack quiet.

A suspect has been arrested now.

At the moment, there has been no evidence to suggest the hacker spread any of the stolen information. In addition, though payment details were not accessed, the police is also investigating whether the hacker had tried to access GoGet customers’ payment card details held by a third party.

The company has advised customers to monitor their bank accounts for unusual activity.

GoGet’s chief executive, Tristan Sender, said in a statement:

“We are sorry that this has happened. We take your privacy very seriously and have been working hard to get the best outcome from this police investigation.”

Why is the GoGet hack concerning?

At the moment, there isn’t much information about the GoGet hack, such as the amount of customers affected. Verdict has contacted GoGet for more information.

What we do know is that there was a lot of personal information implicated in the hack. This included identifiable information like home addresses and telephone numbers. If this information was leaked, that would be scary for the customers involved.

In addition, though the hack happened back in June 2017, the fact customers are only now aware is also distressing.

There were some really big data breaches disclosed last year, such as the Uber hack. This was when two hackers managed to access the information of 50m Uber riders and 7m drivers worldwide. It happened back in 2016 but was initially covered up by the company.

The GoGet hack is not on this scale, due to GoGet having fewer customers than Uber, under 100,000. But it still raises difficult for the sharing economy concerning the openness it proliferates, and what happens when that openness is taken advantage of.

Topics in this article: