CityBee was informed on Monday evening that some of its customers’ names, email addresses, personal identification numbers and encrypted passwords had been published on a hacker forum.
“What’s strange is that the (stolen) information is three years old. If it had been stolen in the past, it seems that it should have been released earlier. Why keep it for so long?” Kristijonas Kaikaris told a news conference.
“Another thing is that we no longer have the information that was leaked, because our customer base has grown and the infrastructure has changed.”
Kaikaris said CityBee had not yet received any blackmail threats or payment demands.
The data were released in two portions, which suggests that the cyber criminals are watching for reactions, he said.
CityBee has informed affected customers and set up a hotline. The company cooperates with the police, cyber security experts in Lithuania and abroad in investigating the crime, he said.
“First of all, we’re very sorry. I’ve been personally affected, too, because I’m a CityBee client, as have my family, my friends and my acquaintances. I do understand the sense of insecurity of some of our clients,” the CEO said.
Police have launched a pre-trial investigation. The Lithuanian State Data Protection Inspectorate has started a probe.
“We are currently working with all relevant institutions to prevent further unlawful processing of personal data,” said Raimondas Andrijauskas, the inspectorate’s director.
“We advise people themselves to take safety measures and, first of all, change their passwords,” he added. “[People are warned] against falling victim to fraudsters demanding a ransom and [advised] to follow our information and police information about this incident”.
CityBee recommends its customers to change their passwords.
CityBee operates in Lithuania, Latvia, Estonia and Poland. The company’s vehicle fleet is more than 2,000 vehicles. The client base is over 750,000 people.