Popular Ride-hailing company Careem on Monday said it faced a massive data breach this year in January.
Careem on a blog post said, “Careem has identified a cyber incident involving unauthorised access to the system we use to store data.”
“On January 14 of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected,” said Careem in the blog post.
According to Careem, 14 million users (customers & captains) data have been stolen including their name, email address, phone number and rides data.
“While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” it added.
According to Emirati media, Careem became aware of the hack after it was alerted to a message left by the hacker on the system.
Careem has shared the actions against the incident to prevent it happen in future.
“As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies.”
“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences,” the ride-hailing service said.
On a question related to customers credit card details and passwords, Careem said that there was no evidence that credit card information or passwords were compromised.
Careem said, “Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information.”
Additionally, the blog post explains some steps for users to secure their accounts:
– Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites.”
– Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information
– Avoid clicking on links or downloading attachments from unfamiliar emails
– Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank
The post added, “Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organisation is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us.”
We apologise for what has happened but rest assured, Careem has learned from this experience and will come out of it a stronger and more resilient organisation. We remain dedicated to our mission of supporting the millions of captains and customers in the region who depend on Careem to earn a living and get around, it said.