Cyberattack on Careem: Data of 14 million customers stolen

By
Web Desk
|
Photo: Careem

Ride-hailing giant Careem on Monday said it faced a data breach in January this year.

In a blog posted on its website, the Dubai based transportation network said, “Careem has identified a cyber incident involving unauthorised access to the system we use to store data.”

“On January 14 of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected,” the blog post read.

In all, 14 million customers’ name, email address, phone number and trip data was stolen in the breach.

“While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” it added.

According to Emirati media, Careem became aware of the hack after it was alerted to a message left by the hacker on the system.

Careem also shared the actions they are taking to address the issue and prevent it from happening in the future.

“As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies.”

“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences,” the ride-hailing service said.

When asked if the customers' credit card details and passwords were compromised, Careem responded that there was no evidence that passwords or credit card numbers were compromised. 

"Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information."

Additionally, the blog post explained what customers can do to prevent such breaches in the future.

Here are some steps to safeguard you own personal information: 

- Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites.”

- Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information

- Avoid clicking on links or downloading attachments from unfamiliar emails

- Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank

The post added, “Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organisation is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us.”

We apologise for what has happened but rest assured, Careem has learned from this experience and will come out of it a stronger and more resilient organisation. We remain dedicated to our mission of supporting the millions of captains and customers in the region who depend on Careem to earn a living and get around, it said.