The attack came Sunday as more than 2,000 public transport customer’s information was released. The data apparently came from myBART.org and included the first names, last names, addresses and phone numbers for riders using the public transport system and used the transit system’s website to manage their accounts. As of Monday, the website that released the information was now a blank white page.
According to media reports, the reason for the attacks was the Bay Area Rapid Transit system’s (BART) decision to shut down mobile phone service this past Thursday night. The move shut off phone service for hundreds of thousands of BART users while using the system. The move was made by BART because they stated that they had evidence that some users of mobile phones were planning something that would cause a massive service disruption.
The controversy involved goes back further than that, however. BART has its own police force to patrol the system. The police officers on the force have been criticized for the shooting of two men over the past two years. One of the men shot was a 45-year-old homeless man after he confronted the police holding a knife. Back in 2009, another man was shot in the back after scuffling with police.
BART has now warned passengers that they should be aware of scammers who may approach them after seeing their information released on the website. The organization has also released information about how commuters can request a free credit report to make sure that their stolen data has not led to anyone committing identity theft. BART, however, stresses that no financial data was stored.
Anonymous claimed that the BART site was vulnerable to a hacker attack known as an SQL injection. This attack involved inputin commands into a web-based database backend. They are usually a large number of commands and the injection sees which command will cause something, such as a release of data, to occur.