At least 3,226 user records compromised in Luas cyber attack

The records of those who had signed up for the Luas newsletter had been compromised, Transdev said this afternoon.

LAST UPDATE | Jan 3rd 2019, 7:12 PM

2003 New Luas_90532349 Leah Farrell / Leah Farrell / /

THE LUAS WEBSITE is down for the day after being hacked.

Luas operator Transdev said that the attack was “professional” and that the site is being analysed to see how the attack happened. It said:

We have identified 3,226 user records at this point of the investigation which may have been compromised.

“These are the records of where people signed up to a Luas newsletter. Luas will write to these people within the next 24 hours informing them of the potential breach.”

No financial information has been compromised in this attack, it added. Luas is also in contact with the Data Protection Commissioner.

Visitors to are met with a note demanding payment of one bitcoin, currently worth €3,385.

“You are hacked,” the message read:


It continued: “Some time ago I wrote that you have serious security holes. You didn’t reply the next time someone talks to you, press the reply button.”

The message then demanded payment of one bitcoin within the next five days, or else the hacker claims they will “publish all data and send emails to your users”.

In a tweet, Luas said all travel updates will be provided on Twitter until technicians regain control of the website.

It later said that it will take about a day to resolve the issue with the website.

Transdev said that it would take the day to resolve, and that it would notify its customers when the website is back online:

The website has been taken down by the IT company who manage it, and their technicians are working on it.

Luas are informed this may take the day to resolve. We will update customers via Twitter and Facebook, AA Roadwatch and the media should there be any change to Luas services today.
One possibility is that the hack was a ransomware attack.

This involves finding a security weakness on the website or using leaked or phished login credentials, and using this to install malicious software on computers or servers connected to the site.

The software then locks down the computer’s files using powerful encryption. The hacker will often offer to provide the decryption code in return for payment, to allow owners to regain access.

Another is that the data was stolen in a hack, rather than ransomware being used.

- with reporting from Gráinne Ní Aodha

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel