Careem on Monday warned its users that their personal data had been compromised in a massive cyber-security breach.The company stated that sensitive information like customers’ names, email addresses, phone numbers and trip history data had been stolen by hackers.
However, “there is no evidence that your password or credit card number have been compromised,” Careem assured its users. “Customers’ credit card information is kept on an external third-party PCI-compliant server,” Careem claimed.
The breach affects all customers and captains who signed up with the service before January 14, 2018. Users who signed up with the service after that date have not been affected, Careem said. Careem was launched in Pakistan in March 2016 and has rapidly become one of the most popular ride-hailing services in the country.
The company did not specify whether the breach affected its operations worldwide, or in a specific country. It also did not comment on the origin or nature of the cyber security breach.
The company said it had launched an investigation when it detected the breach, including engaging “leading cybersecurity experts to assist us in strengthening our security systems”.
They added that they are also working with law enforcement agencies.
“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences,” the company said.