Private data of 14m customers compromised by cybercriminals

Ride-hailing app says change your password RIGHT NOW!

Careem has identified a cyber attack involving unauthorised access to its systems, resulting in the theft of data belonging to over 14 million users.

According to initial reports, online criminals gained access to the app’s computer systems on January 14, 2018, compromising the account data of customers and captains (drivers). Customers and captains who have signed up with Careem since that date are not affected, the company claimed, adding that 14 million users have been affected by the cyber attack.

The ride-hailing company says it has seen no evidence of fraud or misuse related to this incident, and that it takes responsibility for being open and honest with consumers about the cyber attack.

In the official statement, the company affirmed its commitment to protecting customers’ privacy and data. The release said the company wants to share with the public the actions it is taking to address the issue and to prevent it from happening in the future.

The company issued an apology to all its consumers, saying, “We apologise for what has happened but rest assured, Careem has learned from this experience and will come out of it a stronger and more resilient organisation.”

“As online criminals’ methods and tactics continue to evolve and become ever more sophisticated, it is our duty to meet these threats,” Careem acknowledged.

PARTS OF DATA STOLEN:

Personal data, including customers’ names, email addresses, phone numbers and trip data, has been stolen. However, the extent of the damage is still not known, since no source other than the company itself has confirmed the data breach.

Careem claimed, “There is no evidence that your password or credit card number have been compromised. Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information.”

However, the online cab service did advise its users to review their bank account and credit card statements for suspicious activity.

WHAT CUSTOMERS CAN DO:

Customers have been advised to:

Implement good password management by updating their Careem password, as well as other accounts on which they use similar details.

Use a strong mix of characters, and try not to use the same password for multiple sites.

Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information.

Avoid clicking on links or downloading attachments from unfamiliar emails.

Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank.

CAN GOVT ASK CAREEM FOR DISCLOSURE:

While other countries may pursue the matter and challenge Careem, users in Pakistan cannot ask companies for full disclosures due to the absence of data protection laws. In this scenario, customers remain at the companies’ mercy.

According to experts, disclosing details after three months was an act of poor practice on Careem’s part. “It is lack of compliance in reporting this hack promptly. In absence of laws, companies cannot be taken to task for compromise of confidential user data,” an expert told Pakistan Today.

Sibtain Naqvi, Head of Communications at Careem, was reached for comment, but he refused to share any details with Pakistan Today.

Careem describes itself as a transportation network company based in Dubai. It has operations in 80 cities across 13 countries in the Middle East, North Africa, and South Asia. The company was valued at around USD 1.2 billion as of 2017.

The company formally launched in Pakistan in March 2016. It competes with the industry’s other ride-hailing giant, Uber.