Careem Cyberattack: Hackers Stole 14M Customers’ Data

Dubai-based ride-hailing company Careem has disclosed that it suffered a data breach in January of this year.

In a recent blog post on its website, the company described the Careem cyberattack on its transportation network, stating that “Careem has identified a cyber incident involving unauthorised access to the system we use to store data… On January 14 of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected.”

Further information about the Careem cyberattack suggests that roughly 14 million customers’ names, email addresses, phone numbers and trip data were accessed illegally during the breach.

While a large amount of data was accessed during the Careem cyberattack, there don’t seem to be any negative effects for those affected – at least so far. “While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data.”

While it’s good that the company is coming forward regarding the effects of the Careem cyberattack, one has to wonder why it took several months for the ride-hailing company to alert users to the fact that their data had been illegally accessed. If it was Careem’s “responsibility” to alert users to their potentially compromised data, why did we not see any information regarding the issue until over four months later?

According to the Emirati media, the Careem cyberattack was made apparent only through a message left by the hacker of this system. The fact that it took a little message to alert the company to the issue makes one wonder how long the data would have remained compromised had the hacker not left his mark.

Those worried about their data being accessed in another Careem cyberattack can rest assured that the company is taking steps to address the issues, hopefully preventing such a slip-up from happening again in the future.

“As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies.”

“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences,” the ride-hailing service said.

While the cyberattack is no doubt serious, Careem has stated that no customers’ credit card details or passwords were compromised. The hackers did get their hands on a significant amount of information during their illegal access, but it seems that financial information is safe.

“Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information.”

The blog post on the Careem cyberattack ended with some tips on how to maintain your online security. These general guidelines to keep your information safe are included below.

  • Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites
  • Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information
  • Avoid clicking on links or downloading attachments from unfamiliar emails
  • Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank

“Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organisation is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us,” the company concluded.

Here is what Careem sent to its customers by email about the security update:

Dear Customer,

Careem has identified a cyber incident involving unauthorised access to the system we use to store data. While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data. 

We also want to share with you the actions we are taking to address the issue and to prevent it from happening in the future.

WHAT HAPPENED
On January 14th of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected.

WHAT WE ARE DOING
As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies.

Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences.

WHAT YOU CAN DO
Alongside the work we are doing to further strengthen our security systems, customers can follow these steps to safeguard their own personal information:

  • Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites
  • Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information
  • Avoid clicking on links or downloading attachments from unfamiliar emails
  • Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank

MOVING FORWARD
Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organisation is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us. 

We apologise for what has happened but rest assured, Careem has learned from this experience and will come out of it a stronger and more resilient organisation. We remain dedicated to our mission of supporting the millions of captains and customers in the region who depend on Careem to earn a living and get around. 

If you have any further questions, please head to https://blog.careem.com/security or email our team at securityupdate@careem.com

Our services are very much in operation and we look forward to your next Careem.