Cyber Incident Victim: Transdev Dublin Light Rail Limited
Date:
Jan 2019
Location:
Ireland
Summary
A tram operator experienced a ransomware attack compromising over 3,000 newsletter subscriber records, though no financial data was accessed. The attackers defaced the website with a message demanding payment of one Bitcoin within five days to prevent data publication and user notifications, prompting immediate site shutdown. Technicians initiated forensic analysis while developing a temporary customer information portal, acknowledging the attack exploited undisclosed security vulnerabilities. Authorities and the Data Protection Commissioner were notified as investigations continued without a confirmed restoration timeline. Cybersecurity experts highlighted the incident as part of a broader resurgence in aggressive ransomware campaigns targeting organizational backups and networks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 3, 2019, the Luas tram operator's official website was compromised in a cyber attack, leading to the exposure of 3,226 user records associated with newsletter sign-ups. The breach was discovered Thursday morning when a defacement message appeared on the site stating "You are hacked" and referencing "serious security holes." Attackers demanded payment of 1 Bitcoin (approximately €3,400 at the time) within five days, threatening to publish stolen data and notify affected users if unpaid. Luas immediately took the website offline upon detection and initiated forensic investigations by IT technicians. The company confirmed no financial information was compromised but could not estimate the full extent of damage to their systems during the ongoing investigation. Technical teams worked to develop a temporary customer information site while analyzing the breach's origin and attempting full restoration. Luas notified Ireland's Data Protection Commissioner and committed to informing potentially affected users via written correspondence within 24 hours.
The attack disrupted normal customer communications through Luas's primary web platform, though tram services continued unaffected. Security experts characterized the incident as a ransomware attack leveraging website vulnerabilities, with Brian Honan noting such exploits target commonly overlooked security weaknesses. Concurrently, cybersecurity firm Smarttech 247 reported observing increased ransomware activity in early 2019, including two international companies with Irish operations paying ransoms of €70,000 and €23,000 in Bitcoin. Luas maintained operational continuity through early detection protocols while Garda National Economic Crime Bureau assessed reports of the breach. Industry analysts like Joe Brady observed evolving ransomware tactics targeting backup systems and network propagation, marking a resurgence after decreased prevalence in 2017. The company publicly apologized for customer inconvenience while continuing restoration efforts without providing a definitive timeline for full service recovery.