Published: 2018-04-23 19:04
Last Updated: 2018-04-24 09:12
The ride-hailing firm Careem Network FZ said in a statement on Monday that it was the victim of a cyber attack on 14 January.
The cyber attack targeted millions of customers’ and drivers’ names, emails, phone numbers and trip data.
The statement assured Careem's users that there was “no evidence” of the hackers stealing their passwords and credit card numbers, adding that it had chosen to discuss the incident with its users out of respect for them and to remain transparent.
However, it has advised its customers to “continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank.”
Jordanian cyber information security expert Raed Nesheiwat told Arab News that the delay in informing Careem's users about the incident was a “huge” problem.
“Hackers got all Careem’s clients and captains’ personal information. Waiting three months to reveal this to the public is completely unacceptable,” he said.
“They allowed the hackers to use that data while their clients were not aware of the breach.”
A Careem call handler in Dubai responded that “we wanted to make sure we had all the information before we notified customers,” according to Arab News.
“We did not want to alert the hackers that we were aware of the breach before the issue was fixed.”
Careem was founded in 2012 and operates in a number of Arab countries, including Jordan, Saudi Arabia and Egypt.
More than 20 million people and 500,000 drivers are registered with the Dubai-based company, according to its website.
The firm could be valued at $1.5 billion, and has reportedly been in talks with banks about a potential initial public offering, according to Bloomberg.
Careem is currently working alongside cybersecurity experts and law enforcement to get to the bottom of the hack.