In a major development, Careem, the popular ride-hailing service operating in the Middle East, North Africa, Turkey, and Pakistan, has reported through a security announcement a cybersecurity breach targeting its customers' and captains' data.
“Careem has identified a cyber-incident involving unauthorized access to the system we use to store data. While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data”, said an email released to users.
In the announcement, Careem reaffirms its commitment to protecting the privacy and data of its users, while maintaining that it has not found, by itself or through third-party entities, clear evidence of any stolen credit card numbers, phone numbers, and addresses.
Careem claims no credit card details have been stolen, since those details are kept on a PSA secure server which was not compromised. In such events, users are advised to reset their user IDs and passwords.
In the announcement, Careem explains what actually happened and says, “On January 14th of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected”.
Disclosing details after three months is poor practice on the part of Careem, showing a lack of compliance in reporting this hack promptly. In the absence of data protection laws, users in Pakistan cannot ask companies for disclosures, and customers, unfortunately, remain at their mercy.
Careem, in its security announcement, further states, “Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organisation is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us. We apologise for what has happened…”
Monis Rehman, CEO of Naseeb Networks, who owns and runs the country’s biggest employment platform Rozee.pk, recalled another such incident in a Twitter post today: “Back in December 2017, about a month before Careem discovered the hacking incident compromising private data of 14 million customers, a Pakistani ethical hacker apparently reported a similar vulnerability to Careem”. The security hacker, in a post on the ‘Security Breached Blog’, had highlighted flaws in Careem’s system which could lead to potential cyber threats to the system and the user data that it contained.
Digital security, as well as data privacy, has been in the global spotlight for the last couple of years, with many organizations coming under fire from governments, users, and regulatory authorities to do more to protect important data of their customers.
While many countries have committed to drafting policies which protect customers from security breaches that affect their data, or from its use for purposes not known to them, Pakistan lags behind.