GoGet
Summary
GoGet, an Australian car sharing service, disclosed a data breach in January 2018 after an alleged hacker was arrested by police. The breach exposed customer information including driver's licence details, contact information, and account data. While the scale was relatively small, the incident was notable as one of the early Australian data breaches disclosed in 2018 and involved the arrest of the alleged perpetrator.
What Happened
An individual allegedly gained unauthorised access to GoGet's customer database, accessing personal information of members who used the car sharing service. The compromised data included driver's licence numbers, which members had provided as part of the verification process to use the service, along with names, contact details, and account information.
Police arrested an alleged hacker in connection with the breach, and GoGet disclosed the incident publicly. The company worked with law enforcement throughout the investigation. The breach appeared to involve external intrusion into GoGet's systems rather than insider access or accidental exposure.
Impact on Individuals
GoGet members affected by the breach faced several risks:
- Identity theft: Driver's licence numbers combined with personal details could be used for identity fraud
- Account security: Passwords (even if hashed) could potentially be compromised
- Privacy violation: Disclosure of car usage patterns and personal information
- Limited scale: As a car sharing service with a relatively small membership base, the number of affected individuals was contained
The driver's licence information was the most concerning element, as these government identity documents are used for verification across many services and their compromise creates ongoing identity theft risk.
Organisational Response
GoGet responded to the breach by:
- Working with law enforcement during the investigation and arrest
- Notifying affected members about the data breach
- Advising customers to monitor for suspicious activity
- Recommending password changes for accounts
- Reviewing and strengthening security measures
- Cooperating with the police investigation of the alleged hacker
The company was transparent about the breach once the police investigation reached a stage where public disclosure was appropriate.
Law Enforcement Action
The GoGet breach was notable for the arrest of the alleged perpetrator:
- Police arrested an individual in connection with the hack
- The law enforcement investigation led to criminal charges
- Demonstrated that data breach perpetrators could face criminal prosecution
- Relatively unusual outcome compared to many breaches where attackers are not identified or charged
The arrest provided some accountability and deterrence, though affected individuals still faced the consequences of their information being compromised.
Car Sharing Industry Context
The breach highlighted data security considerations for car sharing platforms:
- Driver verification data: Car sharing services necessarily collect driver's licences for verification
- Location and usage data: Services know when and where customers use vehicles
- Payment information: Financial data for billing purposes
- Small platform risks: Smaller companies may have fewer resources for sophisticated cybersecurity
Timing and Context
The GoGet breach occurred in early 2018, shortly before Australia's Notifiable Data Breaches scheme came into full effect in February 2018. The incident was one of the early examples of Australian companies publicly disclosing data breaches, setting a precedent for transparency about security incidents.
Long-term Impact
The GoGet breach contributed to:
- Increased awareness of data security in the car sharing sector
- Recognition that even smaller platforms hold sensitive identity documents
- Understanding that law enforcement would pursue data breach perpetrators
- Early example of Australian companies disclosing breaches to customers
While smaller in scale than some 2018 breaches, the GoGet incident was significant as an early example of a company transparently disclosing a security incident and working with law enforcement to hold attackers accountable.