Cyber attack steals bus customer data
DATA has been stolen from hundreds of bus customers over what could have been a two week period.
CT Plus says it was alerted to an incident involving unauthorised entry to the websites on buses.gg and libertybus.je on Wednesday 15 May.
'A phishing attack was launched that intercepted the link between the main websites and the top-up shop website for the Puffin Pass and the AvanchiCard,' a spokesman said.
A duplicate login to the top-up site was created where users are asked to fill in their email address or pass number and their password.
The site was shutdown on 15 May, but could have been in place in Guernsey and Jersey since 29 April.
'Reports show that in Guernsey 82 people were affected, 361 in Jersey. Due to the nature of the data obtained, there is limited risk of fraudulent activity for those affected. No credit/debit card details were accessed and at no point was the central database of puffinpass or Avanchicard holders compromised.
'All of those individuals affected have been sent an email which explains the level of information that was accessed and advising them that their passwords have been reset. Advice will also being given to all those who use the online shop.'
CT Plus is now working with the regulatory authorities and their suppliers to investigate how the incident occurred.
'CT Plus and Liberty Bus are deeply disappointed that this breach occurred and wish to apologise to those affected.'
Any customers concerned about the issue can contact firstname.lastname@example.org.