DUBAI (- Careem, a ride-hailing app and rival of Uber in the Middle East, said Monday it was the victim of a cyber attack that compromised the data of its clients and employees.
The company said in a message to customers that the attack was detected on January 14, at a time when the app had 14 million users and 558,000 captains active on the system across 13 countries including Middle East, North Africa, Pakistan and Turkey.
“We became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date (January 14) are not affected,” it said. The breach affects all customers and captains who signed up with the service before January 14, 2018. Users who signed up with the service after that date have not been affected, Careem said in an emailed statement.
The company separately reported that sensitive information like customers’ names, email addresses, phone numbers and trip history data (pick-up and drop-off points) had been stolen by hackers.
Careem, which was founded in Dubai in 2012, stressed it had “seen no evidence of fraud or misuse related to this incident” and vowed to strengthen the network’s security.
“There is no evidence that your password or credit card number have been compromised,” Careem assured its users. “Customers’ credit card information is kept on an external third-party PCP-compliant server,” Careem claimed. The company has recommended to users the following steps to safeguard their personal information: “Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites,” the handout read. In addition, users were advised to “remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information”; to “avoid clicking on links or downloading attachments from unfamiliar emails”; and to “continue to review bank account and credit card statements for suspicious activity.” “If you see anything unexpected, call your bank,” the statement read.