Author Topic: Dublin-based iCabbi potentially exposed 300,000 customer records in UK/Ireland  (Read 714 times)

Offline watty

  • Hero Member
  • *****
  • Posts: 8650
  • Karma: +0/-0
iCabbi says the problem is fixed now.

Global taxi software vendor exposes details of nearly 300K across UK and Ireland

Quote
Taxi software biz iCabbi recently fixed an issue that exposed the personal information of nearly 300,000 individuals via an unprotected database. The names, email addresses, phone numbers, and user IDs of the 287,961 affected individuals in the UK and Ireland were all exposed online. According to research shared with The Register ahead of publication, the details of individuals with senior roles in media outlets such as the BBC and various government departments such as His Majesty's Treasury, the UK Home Office, and the Ministry of Justice were included.  A number of former UK Members of Parliament (MPs), as well as one senior policy advisor and one EU ambassador, were caught up in the data exposure, it's understood.  Around 2,000 academic email addresses (those with .ac.uk domains) were also visible in the exposed data set. Jeremiah Fowler, the cybersecurity researcher who disclosed the findings to vpnMentor, said every account appeared to be unique, with no duplicates.  Such data could theoretically be used in convincing phishing scams that impersonate the taxi company, using the victim's full name and appearing legitimate by knowing other details, including their user IDs.

Dublin-based iCabbi provides software to more than 800 taxi fleets in 15 countries, including apps that comprise an entire platform. Dispatch is a system to manage fleet dispatching and BookApp is the underlying technology that allows taxi companies to provide a consumer-facing ride-hailing app experience without a bespoke application.  The company also offers software such as BookBusiness to more easily manage account-based customers, BookVoice for automated voice booking, and a suite of driver apps for things like navigation and in-car payments.  The exposed data appears to be related to the customer-facing apps powered by iCabbi's technology, given that staff details weren't included in the exposure.

<snip>

iCabbi didn't respond to El Reg's repeated requests for comment, but it did tell Fowler that human error was the cause of the security snafu, as is so often the case.  "Thanks again for bringing this to my attention – we have deleted the records," a company representative told the researcher. "Human error to blame here unfortunately … part of a migration of customers but we should not be using public folders. We are going to engage with customers to make them aware of this breach."  To iCabbi's credit, the company addressed the issue within a day, and according to Fowler responded to his disclosure professionally.

<snip>

 oops
Getting old is compulsory whilst growing up is voluntary.

Offline silverbullet

  • Hero Member
  • *****
  • Posts: 26693
  • Karma: +2/-0
  • You don't want to do it like that
How Gavan is still in business is beyond me. A shocking cab system.

Offline Rat Catcher

  • Hero Member
  • *****
  • Posts: 26799
  • Karma: +34/-65535
  • Part Time Amateur Scum
What business is he in these days, SB?

To be fair, he made a large fortune out of iCabbi and his brother got a decent deal on a fleet of Renaults for ISM into the bargain. Win, Win I guess. I'd say seed/angel/venture capitalists are hanging on his every word.
If it doesn't have a roof sign and door stickers it's not a taxi.

Offline silverbullet

  • Hero Member
  • *****
  • Posts: 26693
  • Karma: +2/-0
  • You don't want to do it like that
Have you asked for a leg up in ISM? Probably a good guy to know. Gerry might put in a word for you.

 

