Fick detta precis
To our riders,
We wanted to let you know about a potential security flaw that has now been fixed.
On 11 March, a German news outlet, Bayerischer Rundfunk, informed us of the fact that they had hired a third-party cybersecurity firm to gain unauthorised access to our system. The firm used an inactive part of VOI’s software to ascertain that they were able to download email addresses, some user IDs and some phone numbers for around 100,000 users.
While we do not condone BR’s methods, we are glad their actions gave us a chance to address a potential problem before it arose. We want to emphasize that this was not a cyberattack, and that no credit card details or login credentials were obtained by either the cybersecurity firm or Bayerischer Rundfunk.
However, we immediately resolved the flaw and ran checks to ensure that no other organisation or individual had entered our systems via this vulnerability. Bayerischer Rundfunk’s actions were for the sake of a story about VOI, and they did not intend to publish the data they obtained through the security flaw.
As our riders, your privacy is paramount, and we want to assure you that your data is not at risk. In light of the Bayerischer Rundfunk’s findings, we have commissioned a substantial security audit from a third party so as to guard ourselves against any genuine attacks in the future. We have also significantly enhanced the way we encrypt and protect our data, and have reported the incident to the Swedish Data Protection Authority as part of our compliance work under the EU General Data Protection Regulation.