Luas admitted that the details of at least 3,226 people could have been breached in the attack. In a statement, the company said: “We have identified 3,226 user records at this point of the investigation which may have been compromised.
“These are the records of where people signed up to a Luas newsletter. Luas will write to these people within the next 24 hours informing them of the potential breach.”
The company added that no financial information had been compromised and that it was in contact with the Data Protection Commissioner.
It comes after a threatening message appeared on the company’s website this morning asking for payment of one bitcoin, the equivalent of about £3,000.
The message read: “You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply.
“The next time someone talks to you, press the reply button.
“You must pay 1 bitcoin in 5 days otherwise I will publish all data and send emails to your users.”
The message has now been removed from the company’s website, which remains shut down.
Writing on Twitter, Luas said that it could take more than a day for the website to be restored.
It said: “The Luas website was compromised this morning, and a malicious message was put on the home page.
“The website has been taken down by the IT company who manage it, and their technicians are working on it.
“Luas are informed this may take the day to resolve.”
Luas added: “We will update customers via Twitter and Facebook, AA Road Watch and the media should there be any change to Luas services today.”
Security consultant Brian Honan told the Irish Times: “You have hackers out there who regularly scan the internet, looking for vulnerable websites.
“A vulnerable website would be a website with a security weakness in it that the owner isn’t aware of.”