OxBykes

OxBykes, a bicycle rental company operating in Oxford, Cambridge, and London, accidentally exposed customer data including names, contact details, and order history due to a security flaw in its mobile app. The data was accessible for a week, and the company is taking urgent steps to resolve the issue and contact affected customers.

Source: https://www.bbc.com/news/articles/c9q0xww2n3qo

TPRM report: https://scoringcyber.rankiteo.com/company/oxbykes

"id": "oxb313052325",
"linkid": "oxbykes",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "",
"explanation": "Attack with significant impact with customers data leaks: Attack which causes leak of personal information of customers ( only if no ransomware )"
{'affected_entities': [{'customers_affected': None,
                        'industry': 'Transportation',
                        'location': ['Oxford', 'Cambridge', 'London'],
                        'name': 'OxBykes',
                        'size': None,
                        'type': 'Bicycle Rental Company'}],
 'attack_vector': 'Mobile App Vulnerability',
 'data_breach': {'personally_identifiable_information': True,
                 'type_of_data_compromised': ['Names',
                                              'Contact Details',
                                              'Order History']},
 'date_detected': '2023-05-13',
 'description': 'A bicycle rental company, OxBykes, accidentally made customer '
                'data available on its mobile app, including names, contact '
                'details, and order history.',
 'impact': {'data_compromised': ['Names', 'Contact Details', 'Order History'],
            'systems_affected': 'Mobile App'},
 'initial_access_broker': {'entry_point': 'Mobile App'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': 'Patching the security flaw',
                            'root_causes': 'Mobile app vulnerability'},
 'references': [{'date_accessed': None, 'source': 'BBC', 'url': None}],
 'regulatory_compliance': {'regulatory_notifications': ['Information '
                                                        "Commissioner's "
                                                        'Office']},
 'response': {'communication_strategy': 'Personal communication by CEO',
              'containment_measures': 'Patching the security flaw',
              'remediation_measures': 'Contacting potentially affected '
                                      'customers'},
 'title': 'Bike Hire Data Leak',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Unauthorized administrative access'}