The Big Blue Bus is alerting customers of a potential data breach related to the NextBus program.
Officials were notified on Sept. 25 of a data security incident at NextBus, the company that BBB works with in order to make predictive real-time bus arrival information available to customers.
BBB said the breach impacted customers that created an individual account on NextBus.com and advised those customers to reset their password.
“On September 18, NextBus detected suspicious activity from an agency account and its IT experts worked quickly to minimize the issue. An unauthorized individual may have gained access to a database containing some account information of our NextBus agency customers and the riders that use NextBus services,” said a BBB alert.
“Some of you may have created accounts on NextBus.com in order to customize the information you see on the website or on your smartphone. NextBus says that it does not collect or possess Social Security numbers, driver’s license numbers or any financial information from its users and customers, including credit cards, so none of that type of information is at risk. However, NextBus highly recommends you reset your password on your account, especially if you use it elsewhere.”
According to BBB, NextBus has disabled the compromised account, increased minimum password strength and blocked traffic to or from any suspicious Internet addresses.
They said customers should also watch for potential “phishing” scams related to NextBus. Officials said neither BBB nor NextBus would ever email to ask for personal or account information. Customers that receive suspicious communication or individuals who want more information can contact NextBus directly at firstname.lastname@example.org or by dialing 1-877-NEXTBUS (639-8287).