Careem’s blog says the ride-hailing company was made aware on 14 January of a data breach that compromised driver and customer data.
CNBC reported that the names, email addresses, phone numbers and trip data of 14 million customers and drivers were stolen. Careem says there is no evidence of credit card details and password being stolen, but recommends that customers review their bank statements and check with their bank for suspicious activity. The company is also strengthening its security systems.
Careem operates in 13 countries and more than 90 cities. The cyber-criminals gained access to computer systems, data theft was the only incident that was reported. However, for businesses relying on technology an attack on computer systems could means loss of business and customer trust as well. Customer and driver data is crucial, and could be used by competitors or shared with other businesses.
Unauthorised access to computer systems should have raised alarm and an immediate action to plug the gap would have been an appropriate action. Careem has promised to come out stronger and more resilient organisation through the incident. Certainly, the intrusion will be a wakeup call, but no organisation should wait to make its environment robust against attacks.
IT Governance strongly believes that organisations of all sizes and in any industry should take appropriate steps to secure the personal data they hold. Take a look at our consultancy services and packaged solutions to implement effective cyber security.