The United Arab Emirates-based ride-hailing giant Careem has been hacked. As a result, personal and private data of 14 million drivers and customers has been stolen.
Careem is Uber’s rival in the Middle East and South Asia and North Africa. The company operates in 80 cities in 13 countries and valued $1.2 billion in 2017.
In a blog post, Careem stated that: “On January 14th of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected.”
What data was stolen
According to the blog post, the stolen data includes customers name, phone numbers, email addresses and ride data. This means the unknown malicious hackers have access to each and every trip the customer and driver took along with its location data.
Careem maintains that there is no evidence if credit card information and passwords were accessed or stolen by the hackers since the company keeps the payment card data on a third-party PCP-compliant server. However, the security notice also urges victims to keep an eye on “bank account and credit card statements for suspicious activity.”
Moreover, the company is advising victims to change their Careem password.
According to the UAE media, Careem identified the breach after noticing a message the hackers left on the compromised system. The content of the message is yet unknown.
Careem says it is conducting an investigation in order to address the issue accordingly.
“As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies.”
“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defenses,” the ride-hailing service said.
The difference in work ethics between Careem and Uber
In November 2017, it was reported that Uber suffered a massive data breach in which personal details of $75 million customers were stolen in October 2016, but the company not only kept the breach hidden but it also paid $100,000 to hackers as a bribe for not leaking the data.
Careem, on the other hand, while stating the breach said that “it is our responsibility to be open and honest with you and to reaffirm our commitment to protecting your privacy and data.”