Rider Data Allegedly Compromised in TheBus and Handi-Van Ransomware Attack
Rider data of TheBus and Handi-Van users seems to have been compromised in what’s being called a ransomware attack on the company that manages these transportation services. For the last four days, the websites of TheBus and Handi-Van have been down, and services like GPS and the Holo card system have been intentionally shut down to protect user data.
The Ongoing Investigation
This is the second data breach of Oahu Transit Services (OTS) in three years, prompting an investigation by the FBI and HPD (Honolulu Police Department). The city’s Department of Transportation Services (DTS) confirmed that the breach began early on Saturday around 1 a.m.
Roger Morton, director of the city’s Department of Transportation Services, stated, “Our phones went down, our OTS system went down, and it became pretty obvious that it was an outside intrusion into the system.” To contain the situation, OTS quickly severed all connections to other systems.
Service Disruptions
While TheBus and Handi-Van are still running their scheduled routes, the websites, GPS, and Holo card systems remain turned off to prevent data misuse. However, it seems this may be too late as Falcon Feeds, a cybersecurity firm based in India, identified the attack group as DragonForce Ransomware.
The Ransom Situation
DragonForce reportedly claims to possess 800,000 pieces of data and has given OTS ten days from Tuesday to pay the ransom. Nandakishore Harikumar, Falcon Feeds CEO and founder, explains, “Every data breach, even if it’s leaking one line of data, we believe it’s serious.”
Photos shared by Falcon Feeds suggest that the captured data includes names, addresses, and bus or Handi-Van card ID types. Since DragonForce operates out of Malaysia, there’s still some uncertainty if the group responsible is the authentic DragonForce or an imposter.
Response and Recovery
Despite the pressure, Morton emphasized, “We have not paid any ransom,” stating that it’s against their policy. Instead, OTS is methodically disinfecting hundreds of workstations to eradicate any lingering viruses.
While the DTS will not confirm if this is indeed a ransomware attack, they have said it's under active investigation. During this period, OTS has been using a gmail account to respond to media inquiries. Morton assured the public that OTS expects to have all online systems back in operation by Wednesday.
Summary
In the wake of this alleged ransomware attack, OTS has taken measures to protect user data and clean their systems. The investigation continues, and officials hope to restore all digital services shortly. Until then, riders can still use TheBus and Handi-Van for their transport needs, though some digital conveniences remain unavailable.
