Careem, ride-hailing app and Uber’s main competitor in the Middle East, on Monday revealed that it was hit by a cyber attack causing data of over 14 million users to be compromised.
In a blog post, the company said that it became aware of the attack on 14th January, when it identified a cyber incident involving “unauthorised access to a system we use to store data,” in which customer and driver account data were stolen.
Information such as names, phone numbers, email addresses, and trip data were stolen, however, according to the company, no password or credit card information was compromised.
“Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information,” it stated.
“While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” the post read, adding that customers and “captains” who have signed up after the attack have not been affected by the breach.
The ride-hailing service apologized to its users and said that, “Careem has learned from this experience and will come out of it a stronger and more resilient organisation.”
Aside from informing the users and assuring them that it is working with law enforcement agencies to look into the matter, Careem also advised its customers to use safeguards such as strong password management, cautiousness of unsolicited communications, links, or attachments in emails, and reviewing suspicious credit card or bank activity.
As to why it had taken so Careem so long to tell people, the company said that it “wanted to make sure we had the most accurate information before notifying people.”