After authorities apprehended the hacker, GoGet issued a statement that it suffered a data breach in June last year in which customer information was stolen.
GoGet is an Australian car-sharing firm with more than 90,000 customers and more than 2,300 cars across the country. In the June breach, the attacker was able to download customers’ personal data.
The 37-year-old hacker from Illawarra was apprehended by the New South Wales Police Cybercrime Squad on Tuesday at his home in Penrose. The authorities also seized laptops, computers and electronic storage devices. He has been charged with unauthorized access, modification, intent to commit a serious indictable offense, as well as 33 counts of taking and driving without owner consent. These charges are consistent with his two separate unauthorized accesses to the GoGet database between May and July 2017, when he used the stolen data to access vehicles at least 33 times.
When asked about the nature of the data stolen in this breach, GoGet stated that it varied according to the information customers had provided on their accounts. Mostly, it included a large amount of personal information such as names, birthdates, phone numbers, email addresses, driving license and emergency contact details. Authorities are also investigating whether this hacker was the one behind the malware installed on GoGet systems to steal card details whenever a user signed up for the service or changed card information. GoGet states that it does not store card information, which is instead handled by a third-party merchant, but customers who signed up for GoGet between 25 May and 27 July have had their info compromised.
It comes as a surprise to most that GoGet waited seven months before notifying customers and issuing a statement about this breach. In its defense, GoGet said that it did not want to risk the information being disseminated as a result of making the news public. It waited to announce the breach until the perpetrator was apprehended by the authorities.
So far, there are no signs that the stolen information was disseminated further. For those whose card information was compromised, GoGet is offering one year’s free credit report. However, those who follow the latest cybercrime news may be slightly worried, since one of the companies listed on the free credit report is Equifax, which itself recently suffered a major data breach.
GoGet said it didn’t want to risk the information being disseminated by making an announcement about the breach when IT personnel first identified something was amiss on June 27, 2017. Their only way to help their customers, in their view, was to bring the one responsible to justice.
GoGet initiated a full internal investigation immediately after the breach and stayed silent on the subject on the advice of the authorities. However, such a delay might never happen again: a new data breach notification law comes into effect in Australia on February 22, making it mandatory for government agencies and organizations that are attacked to inform the public of the event without losing any time. Severe penalties will be enforced on defaulters.