Strætó, the capital area public transit system, recently announced that they have been the victims of a foreign-based cyber attack.
“The attackers have threatened to publish the data if Strætó does not pay a requested fee,” their English announcement reads in part. “In accordance with the guidelines of the Icelandic Network Security Team (netöryggissveit Íslands), Strætó will not comply with such demands The Data Protection Authority (Persónuvernd) has been notified of the matter and Strætó is in constant contact with the institution as a result.”
The data which was compromised included the company’s payroll and human resources system, their “case file where you can find inquiries from the public, contact information of suppliers, partners and contractors, as well as copies data for job applications”, and more.
In fact, in an Icelandic announcement from yesterday, they are nearing the conclusion of their investigations into the attack and have discovered that the hackers also gained access to the National Registry and the kennitala system.
These systems contain information pertaining to those who are or have been legally registered residents of Iceland, and Icelandic citizens, such as an individual’s name, kennitala, gender, legal address, family, and the kennitala of a spouse.
At this time Strætó does not believe that the attackers have or even can misuse this information, but they have not ruled out that the information has been copied and published already elsewhere. Investigations are still ongoing.
Buy subscriptions, t-shirts and more from our shop right here!