Bus Hack Leads To Public Data Breach
Nearly 450 islanders’ data could have been breached in a hack on CTPlus and Libertybus Jersey’s websites. The Channel Islands bus operators fell victim to a phishing attack.
The attack intercepted the link between the main website and top-up pages for the Puffinpass. A duplicate log-in page was created at some point after 29th April, asking users to fill in their email address or pass number and password.
CT Plus says there is a limited risk of fraudulent activity, with no credit or debit card details accessed, and the central Puffinpass database uncompromised. Emails have been sent to the 361 people in Jersey and 82 people in Guernsey possibly affected telling them their passwords have been automatically reset.
Investigations into how it happened are underway – CT Plus has apologised and says it won’t happen again.
If you have any concerns you can email firstname.lastname@example.org.