Personal data of more than 14 million customers of Middle East's popular ride-hailing service Careem in the Middle East, North Africa, Pakistan and Turkey have been stolen by cyber criminals, reports said. 

 

In a blog post, Careem said it has identified a cyber incident involving unauthorised access to the system it uses to store data. 

 

"While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data," it said.

 

It said on January 14 of this year, it became aware that online criminals gained access to its computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected, it said.

 

"As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies," it added.

 

"20 million customers have signed up across our platform. We are currently in 14 countries and close to 100 cities. 14 million of these customers were affected by the incident," a spokesman of the company was quoted as saying by Khaleej Times.

 

Moving forward, Careem said it understands the importance of customer privacy and it regularly reviews and updates its security systems, thought "this time it wasn't enough to prevent an attack". 

 

Careem is operating as normal across the region despite the incident. 

 

Commenting on the incident, Gregg Petersen, regional sales vice president, Middle East & Africa at Veeam Software, said: "The Careem breach of driver and rider account data is extremely concerning. Customers need the confidence and trust that digital transactions and the handling of data will always work as expected. With GDPR only a month away from being enforced, this is a timely reminder for businesses of all shapes and sizes to ensure business and personal data is subject to the most rigorous of standards and service levels and security. It appears from the reports today that this is the first public notification of a breach that happened in mid-January, which if the case isn't acceptable."

 

"Security breaches are getting bigger and bigger. What started off as a few files or records is now being regularly measured in the millions of users. Businesses must understand and act fast to ensure the chain of trust between them and their customers is never broken; not just to retain a customer, but to attract new customers and avoid business-changing fines," he said. - TradeArabia News Service