[BreachExchange] Fort Worth Bike Share hacked, users’ credit card info and names possibly compromised

[Destry Winant]

https://www.star-telegram.com/news/local/fort-worth/article243963067.html

The corporation that operates Fort Worth’s bicycle sharing service was
hacked, and some users’ credit card information may have been stolen,
the company said in a letter to customers.

BCycle operates bike shares across the country, including in Fort
Worth. Some users received a letter in the past week informing them
that BCycle found malware on its website that allowed a hacker to see
personal information between Jan. 24 and April 26.

The hack only impacts those who signed up for a membership pass
through the website, said Jennifer Grissom, executive director of Fort
Worth Bike Sharing.

BCycle found the malware in April and launched an investigation,
according to the company’s letter. On June 2, the company identified
which users may have been impacted and sent a letter to them on June
26. The hacked information may have included users’ names, credit card
numbers and addresses.

Grissom said the hack impacts about 12% of BCycle’s nationwide users.

“It was a very small portion of people who bought passes through the
website,” she said.

In the letter, BCycle said the company was not aware of any
unauthorized transactions that resulted from the hack. But at least
one person reported to the Star-Telegram that their credit card was
hacked and someone made unauthorized purchases in May and June.

BCycle will cover the cost of one year of identity theft protection
for affected customers, according to the letter.

In another breach, Fort Worth’s public transit agency Trinity Metro
was hacked by a ransomware group, cybersecurity experts said Thursday.
Trinity Metro said it cannot comment on cybersecurity issues. Grissom
said she was not aware that Trinity Metro had been hacked, and that
hack did not involve Fort Worth Bike Sharing, which is separate from
Trinity Metro.