As reported by The Reykjavik Grapevine, Iceland’s public bus system, Strætó, has been the victim of a cyber attack at the hands of foreign-based hackers.
According to Strætó’s English announcement, “The attackers have threatened to publish the data if Strætó does not pay a requested fee.” It follows with, “In accordance with the guidelines of the Icelandic Network Security Team, Strætó will not comply with such demands The Data Protection Authority has been notified of the matter and Strætó is in constant contact with the institution as a result.”
Among the data that was breached includes Strætó’s payroll and HR system, plus a “case file where you can find inquiries from the public, contact information of suppliers, partners and contractors, as well as copies data for job applications.”
Moreover, investigations found that the hackers gained access to Iceland’s National Registry and social security system, including valuable data on legally registered residents of Iceland and Icelandic citizens such as names, social security numbers, address, gender, etc.
Strætó currently believes that the hackers cannot misuse this information but haven’t ruled out that this info has been passed on.