Customers urged to update passwords and review bank statements

A cyber-attack on the systems of ride-sharing platform Careem has affected 14 million of its customers, the company announced yesterday.

The popular Dubai-based travel app said a data breach had exposed the personal information of those who had signed up for its services before January 14 of this year – when the cyber incident was first noticed.

Issuing a statement yesterday, Careem said it had worked with law enforcement and cybersecurity experts to investigate the breach, which saw unauthorized access to its data storage.

Names, emails, and phone numbers of customers had been stolen by cyber-criminals, along with travel data related to any trips that had been taken through the app.

No credit card information had been compromised, Careem said, as this information is kept on a third-party server.

The company added that there was so far no evidence of fraud or misuse.

Careem launched in 2012 and operates in 13 countries, predominately in the Middle East and North Africa.

Writing on why it had waited so long to inform consumers, the company said: “Cybercrime investigations are immensely complicated and take time.

“We wanted to make sure we had the most accurate information before notifying people.

“While we feel our response has been robust, we are also implementing a further programme of updates to further develop our security capabilities over coming months.”

Careem said it had introduced enhanced monitoring of its infrastructure to help detect cyber-threats.

Customers should also update their passwords and continue to review bank statements for any suspicious activity, the company added.

According to Reuters, news of the breach arrives as the start-up attempts to woo investors in a new round of funding.

The ride-hailing app now shares embarrassment with Uber, which experienced its own colossal cyber-incident in 2016 that the company finally admitted in November last year.