A car-booking app which operates in the Middle East and North Africa has issued an apology after announcing it was subject to a cyberattack earlier this year.
Careem – a car-booking app which operates in 13 countries – published a statement online about the cyberbreach.
It said that on January 14 the firm had identified a cyberincident involving unauthorised access to the system it uses to store customer and captain account data.
The statement said: “While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data.”
Customers and captains who signed up after January 14 were not affected.
The business said it had launched a thorough investigation and had engaged leading cybersecurity experts to help strengthen security systems as soon as the breach was detected.
“We are also working with law enforcement agencies,” the statement said.
“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences.”
It added that while security systems are regularly reviewed and updated, it was ‘not enough’ to prevent an attack this time.
“While no organisation is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us,” the statement said.
“We apologise for what has happened but rest assured, Careem has learned from this experience and will come out of it a stronger and more resilient organisation. We remain dedicated to our mission of supporting the millions of captains and customers in the region who depend on Careem to earn a living and get around.”
Gregg Petersen, Regional Sales Vice President, Middle East and Africa at Veeam Software, said the Careem breach of driver and rider account data was ‘extremely concerning’.
He said: “Customers need the confidence and trust that digital transactions and the handling of data will always work as expected.
“With GDPR only a month away from being enforced, this is a timely reminder for businesses of all shapes and sizes to ensure business and personal data is subject to the most rigorous of standards and service levels and security.
“It appears from the reports that this is the first public notification of a breach that happened in mid-January, which, if the case, isn’t acceptable.
“Security breaches are getting bigger and bigger. What started off as a few files or records is now being regularly measured in the millions of users.
“Businesses must understand and act fast to ensure the chain of trust between them and their customers is never broken; not just to retain a customer, but to attract new customers and avoid business-changing fines.”
Click below to share this article
