13cabs

Summary

13cabs, a major Australian taxi service, disclosed on 28 March 2025 that it had detected unauthorised activity on its network earlier in the month. The incident compromised approximately 11,000 user accounts for 13cabs and Silver Service, representing roughly 1.1 per cent of all accounts, exposing personal information including names, phone numbers, addresses, and Taxi Subsidy Scheme details.

What Happened

In early March 2025, 13cabs detected sophisticated unauthorised suspicious activity that potentially compromised user accounts for 13cabs and Silver Service. The company published a public notice on 28 March 2025 confirming the incident. Attackers accessed personal information from approximately 11,000 customer accounts. Despite implementing forced account resets, the number of affected accounts increased to roughly 1.1 per cent of all accounts on the platform.

Impact on Individuals

The breach exposed personal information of approximately 11,000 customers, including names, phone numbers, addresses, and details related to users eligible for the Taxi Subsidy Scheme. Affected users had their accounts potentially compromised through the unauthorised access.

Organisational Response

13cabs notified affected users via SMS and email and reset passwords for all compromised accounts. The company reported the incident to the Office of the Australian Information Commissioner (OAIC) and indicated it would notify law enforcement agencies. At the time of disclosure, no threat actors had publicly claimed responsibility for the incident.