Cyber criminals have leaked data of 110,000 Lithuanian-registered users of the car-sharing service CityBee, the company's chief executive officer said on Tuesday.
"What's strange is that the (stolen) information is three years old. If it had been stolen in the past, it seems that it should have been released earlier. Why keep it for so long?" Kristijonas Kaikaris told a news conference.
"Another thing is that we no longer have the information that was leaked, because our customer base has grown and the infrastructure has changed."
Kaikaris said CityBee had not yet received any blackmail threats or payment demands.
The data were released in two portions, which suggests that the cyber criminals are watching for reactions, he said.
CityBee was informed on Monday evening that some of its customers' names, email addresses, personal identification numbers and encrypted passwords had been published on a hacker forum.
Read more: Lithuania came under biggest cyber attack in years, says defence minister
CityBee has informed affected customers and set up a hotline. The company cooperates with the police, cyber security experts in Lithuania and abroad in investigating the crime, he said.
"First of all, we're very sorry. I've been personally affected, too, because I'm a CityBee client, as have my family, my friends and my acquaintances. I do understand the sense of insecurity of some of our clients," the CEO said.
Police have launched a pre-trial investigation into the data theft. The Lithuanian State Data Protection Inspectorate has also started a probe.
Later on Tuesday, the inspectorate also urged affected users to change their passwords and not to give in to ransom demands.
"We are currently working with all relevant institutions to prevent further unlawful processing of personal data," said Raimondas Andrijauskas, the inspectorate's director.
"We advise people themselves to take safety measures and, first of all, change their passwords," he added. "[People are warned] against falling victim to fraudsters demanding a ransom and [advised] to follow our information and police information about this incident".
CityBee advises its customers who registered in the company's system before February 22, 2018 to change their passwords.
CityBee operates in Lithuania, Latvia, Estonia, and Poland. The company owns a fleet of over 2,000 vehicles and has a registered customer base of more than 750,000 people.
LRT English
Newsletter
Every Friday morning.
