Australian car sharing service defrauded and customer data exposed to hacker

Synopsis

As more goods and services become facilitated through internet-enabled devices, security at a distance whilst maintaining optimal levels of customer service becomes part of the challenge.

In June 2017, a malicious third party accessed the company's database by exploiting software vulnerabilities in the company's fleet booking system resulting in the use of the company's physical properties (rental cars) without their consent over 30 times. It turned out the malicious third party was both a security researcher and customer of the car service.

In January 2018, he arrested over the incident and in 2019 he plead guilty to five counts of take and drive conveyance without consent of owner and to one count each of dealing with identity and dishonestly obtaining financial advantage by deception. For these charges, he was sentenced to five years of community corrections (including 400 hours of community service work) and ordered to pay restitution to those impacted by his actions.

Book a consultation

Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:

Companies

  • CarShare Australia Pty Ltd.
  • GoGet CarShare

We've done the analysis so you can make the decisions

$489.99
When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here