Careem was hit by a cyber attack on January 14 this year, the company announced today in a blog post and an email to its users. Data of all 14 million Careem customers (at the time) and captains was stolen as a result of the attack.
The stolen information included customers’ names, email addresses, phone numbers and trip data. The company did not specify what is included in the trip data, but it’s safe to assume that customers’ entire trip history was part of it.
The company said in the blog post that it has no evidence that credit card information was also stolen.
“There is no evidence that your password or credit card number have been compromised. Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information,” said the company.
All users across all Careem markets, including its half a million captains, are affected by the breach. Those who signed up after January 14th, however, don’t have anything to worry about.
Since the incident took place, the company has been working with different stakeholders including law enforcement agencies and cybersecurity experts to investigate the breach.
“As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies. Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences,” noted the company in a blog post.
Even though Careem claims that passwords were not stolen, the company has advised all users to update their passwords.
Asked why it took the company so long to inform customers about the incident, a Careem spokesperson told MENAbytes, “Cybercrime investigations are immensely complicated and take time. We wanted to make sure we had the most accurate information before notifying people. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences.”
“Specifically, we have introduced enhanced monitoring capabilities across our infrastructure that allows us to detect and respond quickly to security threats. While our response has been robust, we are also implementing a further programme of updates to further develop our security capabilities over coming months,” they added.