Careem says cyber attackers stole data from 14 million people
The personal data of up to 14 million people in the Middle East, North Africa, Pakistan and Turkey has been stolen by online criminals in a cyber attack on Dubai ride-sharing platform Careem.
On January 14, the company detected the breach in the computer systems holding the account data of customers and drivers, or “captains”, in 78 cities in 13 countries. Names, email addresses, phone numbers and trip information were stolen.
At the time, Careem had 14 million customers and 558,000 drivers.
Those who have signed up since are not affected by the breach.
It is the first successful cyber attack of this magnitude on the company, Careem said.
It said there was no evidence that passwords, which are encrypted, or credit card numbers, which are kept with a highly secure third party, had been compromised.
No fraud or misuse related to the stolen information has been discovered. Careem’s servers are in Ireland.
Careem said that on January 14 it was alerted to a message the hacker left on its system.
It immediately investigated and with an external cyber-security company introduced measures to protect data and ensure its services were not disrupted.
Careem said it identified and secured the source of the breach and has strengthened its network defences. Law enforcement agencies would be notified and the company was collaborating with Interpol.
It will also notify Dubai’s Roads and Transport Authority, Careem said.
“We regularly review and update our security systems. This time it wasn’t enough to prevent an attack,” it said in an email that was due to be sent to its customers yesterday, which
The National saw in advance. The company apologised for the security failure.
Mudassir Sheikha, Careem’s chief executive and co-founder, told The National: “Throughout the incident, our priority has been to protect the data and privacy of our customers and captains.
“Since we discovered the criminal activity we worked to understand the situation, who was affected and what we needed to do. We’re sorry for what happened but Careem has learnt from this and will come out stronger and more resilient.”
Careem, which has expanded its services to 90 cities and 14 countries this year, is making a huge investment in digital security after the January incident and has hired “leading cyber-security experts”.
The Roads and Transport Authority, which uses Careem’s ride-hailing app for its taxis, is not affected by the attack because it does not share any of its drivers’ data with the company.
The UAE Telecommunications Regulations Authority said hackers targeted 34 websites in January, including eight data breaches.
In November, rival Uber said it had paid hackers to delete the personal data of 57 million customers and drivers. The news of the attack had been suppressed for more than a year. Uber’s chief security officer was dismissed over the incident.
Cyber-security threats around the world are on the increase and last May, companies such as FedEx and Telefonica and public institutions including the UK’s National Health Service were victims of the WannaCry ransomware attack.
Researchers at Kaspersky Lab at the time recorded more than 45,000 attacks in 74 countries, including the UK, UAE, Spain, Russia and Saudi Arabia.