Hacker takes down Copenhagen's bike-hire network and deletes database

Weekend attack rendered bike-hire network useless

Copenhagen's bike network was rendered useless in a cyber attack over the weekend in which the hacker was able to completely wipe the network's database.

Officials claim that the attack happened some time between 4 May and 5 May, and meant that people were not able to hire bikes from the Bycyklen system - similar to London's 'Santander Hire' bike hire system, except that the bikes have built-in electric motors.

The organisation described the hack as "rather primitive" - even if the hacker was able to delete an entire database - and the identity of the attacker is currently unknown.

The organisation believes that the attack could have been orchestrated by "a person with a great deal of knowledge of its IT infrastructure" - either an insider or an ex-employee.

Everything was erased and our entire system went down as a result of the malicious action

The company's 1,860 bikes rely on Android software that records the details of the person renting the bike as well as its location in the city. Information from the operating system is sent to a database.

But after the hacker compromised the organisation's systems on Saturday morning, the service was rendered useless. Users found it impossible to unlock and activate bikes.

Writing on Facebook over the weekend, the organisation confirmed the news and said it was working to deploy a manual update to fix the system.

By the end of the day, around 200 bikes were back in service. However, Bycyklen warned users that it would "take some time" to restore every bike to service.

"Everything was erased and our entire system went down as a result of the malicious action," said the company on its website.

"Since the hacking, we have been working hard to solve the problem but, unfortunately, it's not something we can fix with a snap of the fingers.

"We have of course reported the serious case to the police. We apologise for the inconveniences this causes to our users."

After restoring most of the bikes by Monday, Bycyklen launched an investigation.

On Monday, it released an update confirming that no personal data had been compromised in the attack "The attack has been aimed directly at our business, not our users," it said.

"We do not store payment card information. The only information we keep is our users' email addresses, phone numbers and their PIN codes for the Bycyklen bikes.

"For security purposes, we encourage all our users to change their PIN as soon as possible."