In one of the worst data breaches, the ride-hailing company based in Dubai; personal details of 14 million customers was stolen. Let’s look into the recent data breach in greater detail…
Careem, the ride-hailing firm which is based in Dubai, disclosed today it was the victim of major data breach which happened in January this year. Careem currently operates in 13 countries, which includes 90 cities. Careem says it’s the leading ride-hailing app in MENA, Turkey and other countries.
In a blog posted on its website, the Dubai based transportation network said, “Careem has identified a cyber incident involving unauthorized access to the system we use to store data.”
“On January 14 of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected,” the blog post read.
Hackers are said to have accessed and stolen the names, email addresses, phone numbers and trip data of everyone who have signed up for Careem prior to January 14. However, Careem said there is no evidence to suggest that the hackers accessed passwords or credit card information of its customers. While the data breach involved unauthorized access to Careem’s data storage system for 14 million riders and 558,800 drivers or captains, Careem said it has not seen any evidence of fraud or misuse of its crucial data.
“While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” it added.
When asked if the customers’ credit card details and passwords were compromised, Careem responded that there was no evidence that passwords or credit card numbers were compromised.
“Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information.”
According to Emirati media, Careem became aware of the hack after it was alerted to a message left by the hacker on the system.
Careem said it became aware of the security incident back in January. Since then, Careem said it has conducted an investigation and strengthened its security systems. Careem stated that it became aware of the security incident back in January this year and since then it has conducted an investigation and strengthened its security systems.
Careem added that it waited until now to tell people because “we wanted to make sure we had the most accurate information before notifying people,” the company wrote in a blog post.
According to Careem, once the company noticed the data breach it engaged with security experts and law enforcement agencies to investigate the hack and secure its systems against future hacks. “As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies.”
“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences,” the ride-hailing service said.
Careem also shared the actions they are taking to address the issue and prevent it from happening in the future.
Careem’s Security Recommendations
Careem has recommended to users the following steps to safeguard their personal information:
“Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites,” the handout read.
In addition, users were advised to “remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information”; to “avoid clicking on links or downloading attachments from unfamiliar emails”; and to “continue to review bank account and credit card statements for suspicious activity.”
“If you see anything unexpected, call your bank,” the statement read.
Careem’s Security Tips
Careem cannot do much about the data that was already stolen, so it advised users to follow the following security tips
• Update your passwords for both the Careem service and for other online services where you may have used the same password.
• Be cautious about suspicious suspicious emails asking you to click a link where personal information is requested or asking you to download an email attachment
• Review your bank and credit card statements for suspicious activity
The last one is particularly concerning, because it seems to imply that users’ credit card information was not properly secured or encrypted and that the hackers may have gotten this information and now are able to use it.
Post Breach Analysis
A representative of Careem told Dawn.com that as soon as the breach was detected, “an internal security team engaged leading cybersecurity experts to investigate the issue and strengthen our security systems to protect us against further attack.”
“Specifically, we have introduced enhanced monitoring capabilities across our infrastructure that allows us to detect and respond quickly to security issues, as well as upgrading access controls for our users using market-leading, multi-factor authentication procedures.”
“While we feel our response has been robust, we are also implementing a further programme of updates to further develop our security capabilities over coming months,” read the statement.
“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences,” the company said.
Responding to a query regarding the possible repercussions of the leaking of personal data and trip histories for journalists, politically exposed persons, social activists and other marginalized groups and what is being done to address the matter, the company simply said: “This is an ongoing investigation with law enforcement agencies, so we’re limited in the details we can provide at this time. Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. We’ve seen no cases of fraud or misuse tied to the incident.”
When asked if Careem is aware of any attempt to sell or ransom the data acquired by the hackers, the representative only repeated that: “We’ve seen no cases of fraud or misuse tied to the incident.”