Dubai-based ride-hailing app Careem was hit by a cyberattack that compromised the data of 14 million users.
The company learned of the breach on 14 January. Access was gained to a computer system storing customer and driver account information, including names, email addresses, phone numbers and trip data – all of which was stolen, though there was no evidence that passwords or credit card information, held on external third-party servers, were compromised, according to Careem.
Careem had 14 million customers and 558,000 drivers on its platform operating in 78 cities across the region at the time of the attack, but user who signed up thereafter remained unaffected, a company spokesman told Reuters.
In response to users asking on Twitter why the breach has been made know now when it occurred in January, the company tweeted, "Our priority has been to protect the data and privacy of our Customers and Captains. Since the discovery, we've worked to understand what happened, who was affected, and what was needed to strengthen our network. We wanted to ensure we had the most accurate information first. "
The company founded in 2012, is one of the region’s highly-regarded success stories, with Saudi Arabia’s Kingdom Holding, German carmaker Daimler and Chinese ride-hailer DiDi Chuxing among its investors
News of the attack comes at a sensitive time for Careem, as it tests investor appetite for a bid to raise as much as $500 million to fund new business lines. It completed a funding round of the same amount last year, said Reuters, adding that the company has previously said it is targeting profitability in the second half of 2018. It has also said that an initial public offering is an option under consideration.