Australian law enforcement officers have arrested a man for allegedly hacking the company database of a car-sharing service.
On 30 January, investigators of Strike Force Artsy, a division of the State Crime Command’s Cybercrime Squad, executed a search warrant at a home in Penrose. Officers arrested a 37-year-old man and charged him with two counts of unauthorized access, modification, or impairment with intent to commit a serious indictable offense as well as 33 counts of take and drive conveyance without consent of the owner. They also seized computers, laptops, and electronic storage devices at the residence, a statement released by the NSW Police reveals.
The arrest constitutes the culmination of an investigation that police initiated back in June 2017 when GoGet, an Australian car sharing service, reported an incident in which it had detected unauthorized activity on one of its computer systems. With GoGet’s consent, investigators determined that an unknown actor had accessed the company’s fleet booking system and downloaded a database containing customer identification information. That individual is believed to have then used the stolen data to access GoGet’s vehicles for free between May 2017 and June 2017.
Cybercrime Squad Commander and Detective Superintendent Arthur Katsogiannis said investigators are still looking into what happened:
At this stage, it doesn’t appear that any information, which included customer details and a small number of payment card details, has been used fraudulently or further disseminated, but our inquiries are ongoing.
GoGet says it’s reached out to all individuals affected by this incident. According to a company notice, the person responsible for the hack might have accessed members’ personal information including their names, physical addresses, email addresses, phone numbers, dates of birth, and employers’ names. Affected parties should therefore take extra caution and monitor their credit reports for unusual activity, GoGet recommends.
The car-sharing service reveals it’s also worked with security experts to implement changes that improve its overall network security.
The man arrested by Strike Force Artsy is set to appear before the Wollongong Local Court on 31 January.
News of this incident follows a couple of months after the world learned that a massive breach affecting 57 million Uber customers and drivers went undisclosed for more than a year.