Alleged hacker charged over GoGet breach

Illawarra man allegedly used data to illicitly access car-sharing service

New South Wales police have charged a man for allegedly accessing a database of GoGet in order to steal cars.

A 37-year-old Illawarra man was charged by detectives from NSW’s Cybercrime Squad.

The charges follow the establishment last year of Strike Force Artsy to “investigate unauthorised access to the administrative section of a company website,” police said in a statement.

Police have alleged that the information was used to illicitly access the car-sharing service's vehicles more than 30 times between May and July 2017.

“On 27 June 2017, GoGet’s IT team identified suspected unauthorised activity on its system and a full internal investigation was immediately commenced,” GoGet CEO Tristan Sender said in a statement.

“GoGet quickly reported the incident to the NSW Police’s Cybercrime Squad and has since worked closely with NSW Police which has culminated in the arrest of a suspect — an unusual and welcome outcome in a case like this.”

“Although the investigation by NSW Police is ongoing, it appears that the suspect was accessing GoGet’s systems in an attempt to use GoGet vehicles without permission,” the CEO said.

“In the process, as part of his overall activity on the system, it also appears that the suspect has accessed personal information of GoGet’s members and individuals who have previously attempted to create a GoGet account.”

The information potentially included names, addresses, email addresses, phone numbers, dates of birth, driver licence details, employers, emergency contact names and phone numbers, and GoGet administrative account details.

GoGet said that police also "investigating whether the suspect was responsible for installing software onto GoGet’s systems to access payment card details of a small group of individuals when they signed up to the service through GoGet’s website or updated their payment card details".

“At this stage, it doesn’t appear that any information, which included customer details and a small number of payment card details, has been used fraudulently or further disseminated, but our inquiries are ongoing,” Detective Superintendent Arthur Katsogiannis said.

“Strike Force Artsy demonstrates the successes that can be achieved when police and industry work together to combat cybercrime,” Katsogiannis said.

Katsogiannis praised GoGet’s response to the alleged hack.

“It is important to acknowledge the proactive approach taken by this company; not only was the incident swiftly identified and reported to police, they were also diligent in their assistance to detectives,” he said.

“I cannot emphasise enough how important the company’s early report and collaborative approach were to the success of the investigation.”

GoGet has established a web page to provide more information to customers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitycyber securityGoGet

More about NSW PoliceStrike

Show Comments