The principal rival of Uber in the middle east, Careem, has compromised the data of its 14 million users in a cyber attack that obtained access to the users’ names, email addresses, phone numbers, and trip history.
In a blog post, the company said that they learned of the hack on January 14th, but they waited to notify users to protect the investigation.
“As soon as we detected the breach, we launched a thorough investigation and engaged leading cybersecurity experts to assist us in strengthening our security systems. We are also working with law enforcement agencies,” the company wrote in the blog post. “Cybercrime investigations are immensely complicated and take time. We wanted to make sure we had the most accurate information before notifying people. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defenses.”
Based in Abu Dhabi (UAE), Careem had, at the moment of the attack, 14 million customers and 558,000 drivers on its platform, operating in 78 cities across the Middle East, North Africa, Pakistan, and Turkey. The startup was quick to state that no credit card information was compromised due it’s in third-party hands. “There is no evidence that your password or credit card number has been compromised. Customers’ credit card information is kept on an external third-party PCI-compliant server,” Careem post said.
Founded in 2012, Careem has the Saudi Arabia’s Kingdom Holdings, Daimler, and its Chinese contra part, Didi Chuxing, among its investors. The cyber attack came at a delicate moment for the startup, as they’re preparing for their initial public offering, expecting to raise $500 million to scale up their operations in the region.