Taxi booking company Cabcharge is notifying some 3400 cardholders, after details of their personal data and stored transactions were published online.
The Cabcharge taxi management system includes “copies of partial credit card numbers, drop-off location, pick-up location, as well as client and driver identifier information including names,” according to US-based cyber vulnerability research company, Risk Based Security, which discovered the fault.
Cabcharge chief executive Andrew Skelton yesterday said most of the information was old, contained inactive Cabcharge Fastcard numbers and expiry dates, and there had been no misuse of the accounts.
However, as many as 3443 active Cabcharge Fastcard accounts were affected, he said, adding: “As a precaution, we are cancelling affected Fastcards and reissuing new cards with additional security features.”
The 3.6-gigabyte database reportedly used default authentication without any security, log-in, or passwords to secure the past records of thousands of cab rides. The information was also said to include credit card details – but only the last four digits of the credit-card number.