Ride-hailing service, Careem just had a cyber-attack which resulted in the theft of personal data of up to 14 million people in the Middle East, North Africa, Pakistan, and Turkey.
According to Careem’s blog post, the startup has identified the attack on January 14 but had no proper evidence of fraud. “While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” it said.
The company states that as soon as they detected the breach, they launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. They’re also working with law enforcement agencies to combat this data breach.
“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defenses,” Careem added.
Gregg Petersen, regional sales vice president, Middle East & Africa at Veeam Software, commented on the incident saying: “The Careem breach of driver and rider account data is extremely concerning. Customers need the confidence and trust that digital transactions and the handling of data will always work as expected. With GDPR only a month away from being enforced, this is a timely reminder for businesses of all shapes and sizes to ensure business and personal data is subject to the most rigorous of standards and service levels and security. It appears from the reports today that this is the first public notification of a breach that happened in mid-January, which if the case isn’t acceptable.”
Careem apologizes for the breach and mentioned that it’s dedicated to their mission of supporting the millions of captains and customers around the region.
“Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organization is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us,” the startup said.