An internet security firm reported that a company which handles reservations for limousine and town car services nationwide suffered a hacker attack, compromising information from VIPs including Tom Hanks, Donald Trump, and LeBron James.
The breach has exposed credit card numbers and behavioral information of up to one million customers including top athletes, politicians, business leaders, and celebrities.
“The privacy implications of this are very disturbing,” said Alex Holden, chief information security officer of Milwaukee-based Hold Security.
Holden says he discovered the breach about a month ago and informed the software company of the hackers' attack and the breach in security.
Not only has financial information potentially been compromised; details of personal preferences, such as pickup and drop-off locations, are now in the hands of the hackers.
Car services buy software from CorporateCarOnline and use it in their everyday operations, according to the Associated Press.
Brian Krebs, a cybersecurity blogger who works with Hold Security, originally reported the intrusion on his website, krebsonsecurity.com.
Some of the details revealed actor Tom Hanks was referred to as a “VVIP” and wanted a “No cell/radio use” driver when taking a trip to a Chicago restaurant.
Another chauffeur, meeting Latin American textile businessman Josue Christiano Gomes da Silva inside an airport luggage claim area with a printed sign, was told: “SUPER VIP CLIENT. EVERYTHING MUST BE PERFECT!”
According to the information stolen by hackers, Donald Trump required a new car with a clear front seat, and LeBron James wanted to be picked up at an entrance for athletes at a Las Vegas sports arena.
The stolen information also gives other details that can be more troublesome, including what took place inside the vehicles, such as sex, vomiting, and drug use, according to Krebs.
Holden said he found the information from CorporateCarOnline customers stored on the same computer server where he earlier found stolen usernames and passwords from PR Newswire, Adobe Systems and about 100 other firms.
He said most firms took immediate action when informed; Adobe and PR Newswire went public when they learned of the breaches, warning millions of customers affected.
Adobe recently disclosed that 38 million, not 6 million, customers were impacted.
Holden says he is concerned that CorporateCarOnline is not doing enough, and that he was contacting credit card companies himself.
The company advertises strong security on its site, but a cybersecurity fellow at the Center for International Security and Cooperation at Stanford University found the website runs on outdated software, which makes it vulnerable.
According to security experts, the limo reservations company was like many others today that entrust their security to third parties, leaving them out of the loop.