GoGet hacked, waits 6 months to inform customers

The GoGet car hire service was hacked, and payment details of some customers remain at risk.

From the article:
The company says it didn’t warn affected customers sooner under the advice of NSW Police, so as not to jeopardise their investigation or lead to the information being shared.

Customers have now been notified after police arrested a suspect at his NSW home yesterday and seized “computers, laptops and electronic storage devices”.

Read more:


It gets even funnier …


This might be a career defining move, ending it or on the other hand could benefit his career in the long run if he can be trusted.

It is like employing hackers to test system securities…they are possibly best placed to find vulnerabilities.


Yeah i woke to an email from them. Must have made an enquiry at some point.

The original post above makes it sound like the company was asked / advised by police, whereas the article linked in the first response states… “The company said it had chosen to hold off on notifying customers of the breach based on police advice…”

They chose profits over customers. Continual breaches are scary given metadata requirements etc these days.

By the way to check your own email addresses or former passwords for breaches, you can go to…



You’d be surprised the problems being a white-hat hacker can cause you some years down the track when someone vindictive tells stories to the right people and neglects to mention the context. The advice I would give here is keep on good terms with people who can validate your story, which is the truth. You never know when you might need them…

I’d be tempted to ask, based on personal experience, how many companies (particularly those who outsource their internet facing hosting) ever become aware they were hacked. I reckon I could tell a couple of really juicy stories - and I bet in the bigger picture there are stories even bigger and juicer :wink:

At least that is one thing which has improved in the last 10-15. There was a time, still this century, when you could talk until you were blue (but not police blue) in the face to police about what we now call ‘cyber crime’ and the blank look you would get equated to a ream of virgin A0. The situation has improved, and yet thankfully I don’t have those kind of interactions anymore …


Well this shows how well the new federal laws about telling customers if you’ve been hacked work.

Oh, wait - they’re not even in effect until 22 February!

Of course, six months between hack and notification is better than Catch of the Day (which now calls itself Catch) managed - it took three years to tell anyone. Then there’s Yahoo-level embarrassment, with half-a-billion - wait, we mean three billion! - hacked accounts.

Edit: am I the only reader to find the humour in this headline stating “GoGet hacked”?


Although on a tangent, a combination of naivety and a strong dose of cluelessness revealed by a Master’s Thesis.

Those with more conservative social sensitivities might best give this one a miss. Others might find it entertaining. You were warned.

Security researchers have found multiple vulnerabilities but would this be a simple security problem, potential cyber or other assault, or?


Ah yes - a growing area of research. I hear it’s quite a stimulating field. My understanding is that there are often unplanned hardware (or wetware) failures, to go with the security concerns. Not that researchers are too worried - they’ll probably get a raise for that body of work.

Exciting stuff.


In total, Cubrilovic faced 39 charges including dishonestly obtaining a financial advantage, dealing with identity information to commit an indictable offence, and taking and driving a vehicle without the consent of its owner.

The vast majority of the charges were withdrawn and dismissed, with Cubrilovic pleading guilty to four charges of taking a vehicle without consent, and a single charge each of dealing with identity information and dishonestly obtaining a financial advantage.

Cubrilovic, who is out on bail, is due to front Local Court in Sydney for sentencing on 1 May.

The researcher had been due to face trial this week but changed his plea earlier this month.

I wonder what the ‘real story’ is …

1 Like

Wrong azimuth on the arrays?


Maybe they hacked the court and investigation records to procure a better outcome :smile: This is purely in jest and should be read with that intent