Hackers have threatened Dublin's tram system Luas with the leak of private data should the company fail to pay a ransom in Bitcoin.
On Thursday, the tram service provider, operational in Ireland, informed customers of the security incident in a message posted to Twitter, saying that the website was "compromised" and a "malicious message was put on the home page," viewable to early visitors visiting the domain to look up routes and find information relating to the service.
Earlier on in the day, Luas had asked customers not to visit the website due to an "ongoing issue." Physical services are running as normal; however, at the time of writing, the Luas website is offline.
The message in question left behind when the Luas website was defaced claimed that the service had been previously told about severe security deficiencies in the website, but no action was taken.
As a result, the cybercriminals responsible demanded one Bitcoin (BTC) to be paid within five days, the current equivalent of $3,843, or data that has allegedly been stolen would be published.
The threat of data theft may or may not be genuine, but it should be noted that while the main Luas domain is down to allow technicians to regain control of the website -- and patch any security holes they find -- the tram service's payment gateway appears to be online and operational.
ZDNet has reached out to Luas with additional queries. In the meantime, the only statement released by the company reads:
"We will update customers via Twitter and Facebook, AA Road Watch and the media should there be any change to Luas services today. We apologize to all Luas customers for the inconvenience."