Important Security Information Careem Admits That Data Of 14 Million Users Was Leaked

16


Important Security Information

Careem has identified a cyber incident involving unauthorised access to the system we use to store data. While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data.

We also want to share with you the actions we’re taking to address the issue and to prevent it from happening in the future.

WHAT HAPPENED

On January 14th of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected.

WHAT WE ARE DOING

As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies.

Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences.

WHAT YOU CAN DO

Alongside the work we are doing to further strengthen our security systems, customers can follow these steps to safeguard their own personal information:

Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites.
Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information
Avoid clicking on links or downloading attachments from unfamiliar emails
Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank
MOVING FORWARD

Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organisation is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us.

We apologise for what has happened but rest assured, Careem has learned from this experience and will come out of it a stronger and more resilient organisation. We remain dedicated to our mission of supporting the millions of captains and customers in the region who depend on Careem to earn a living and get around.

If you have any further questions, email our team at securityupdate@careem.com.

Our services are very much in operation and we look forward to your next Careem.

FAQ

1. What exactly happened?

On January 14th of this year, we identified a cyber incident involving unauthorised access to a system we use to store data.

Our team immediately investigated this, working with an external cybersecurity firm to put in place measures to protect our customers and captains, and to ensure that our service and your lives were not disrupted.

As online criminals’ methods and tactics continue to evolve and become ever more sophisticated, it is our duty to meet these threats. We are increasing our online security efforts to ensure that we can continue to empower people across the region, especially the millions of captains and customers who depend on Careem to earn a living and get around.

2. What customer account data was stolen?

Customers’ name, email address, phone number and trip data.

3. Are my credit card details and passwords safe?

There is no evidence that your password or credit card number have been compromised. Customers’ credit card information is kept on an external third-party PCI-compliant server. A PCI server uses highly secure protocols and is employed by international banks around the globe to protect financial information.

4. Why has it taken Careem so long to tell people?

Cybercrime investigations are immensely complicated and take time. We wanted to make sure we had the most accurate information before notifying people. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences. Specifically, we have introduced enhanced monitoring capabilities across our infrastructure that allows us to detect and respond quickly to security threats. While we feel our response has been robust, we are also implementing a further programme of updates to further develop our security capabilities over coming months.

5. So what action do I need to take?

Alongside the work we are doing to further strengthen our security systems, customers can follow these steps to safeguard their own personal information:

Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites.
Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information
Avoid clicking on links or downloading attachments from unfamiliar emails
Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank
6. What has Careem done to protect my data?

We take the protection of our customers and captains’ data very seriously. We have a team of leading cybersecurity experts who have been working with external security firms to constantly monitor our systems, build and enhance our security fences, and react immediately to potential threats. In addition, we are working with law enforcement agencies.

Source