April 24, 2018 — A cyber-attack on Dubai-based ride sharing platform Careem has resulted in the theft of personal data of up to 14 million people in Pakistan, the Middle East, North Africa and Turkey.
The company said it detected the attack on January 14 but added that it has “no evidence of fraud or misuse related to the incident”.
In a message to customers, Careem added: “It is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data. We also want to share with you the actions we are taking to address the issue and to prevent it from happening in the future.”
The company said that as soon as the breach was detected, it launched a thorough investigation and engaged leading cybersecurity experts to assist in strengthening security systems.
“We are also working with law enforcement agencies,” said Careem.
“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defenses,” it added.
The company apologized for the breach, adding that it remains “dedicated to our mission of supporting the millions of captains and customers in the region who depend on Careem to earn a living and get around”.
It also urged customers to implement good password management by updating their Careem password, and remain cautious of any unsolicited communications that ask for personal information.
“Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organization is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us,” the statement said.