Lessons learned from the Careem data breach

January saw ride-hailing company Careem hit by a data breach that compromised driver and customer data.

How did the data breach occur?

In April, Careem reported that the names, email addresses, phone numbers and trip data of 14 million customers had been stolen.

The cyber criminals gained unauthorised access to the system Careem uses to store data.

Careem, which operates in 13 countries and more than 90 cities, said that there was no evidence that credit card details or passwords had been stolen, but recommended that customers update their passwords, avoid clicking links or downloading attachments in unfamiliar emails, and review their bank statements for any suspicious activity.

How can organisations prevent such attacks?

Careem assured customers it was taking action to address the incident and prevent it from happening again.

“Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defences.”

Careem said it was working with cyber security experts to “constantly monitor our systems, build and enhance our security fences, and react immediately to potential threats”.

To prevent such attacks, it is essential that organisations are aware of the risks and vulnerabilities they face, and that they implement appropriate measures to address them.

Regular penetration testing, together with the implementation of international information security standards such as ISO 27001, will help organisations deal with constantly evolving cyber threats.

More and more companies are suffering data breaches because of supplier error. It is vital that senior executives are more rigorous with suppliers when it comes to information security risk assurance.

If suppliers are going to have access to companies’ data, it is essential that they are subject to at least the same level of security as the company procuring their services.

Benefits of implementing ISO 27001

Accredited certification to ISO 27001 demonstrates that you are following information security best practice and provides an independent, expert verification that information security is managed in line with international best practice and business objectives.

An organisation with an ISO 27001 information security management system (ISMS) will:

  • Avoid penalties and financial losses because of data breaches;
  • Meet increasing client demands for greater data security;
  • Protect and enhance its reputation;
  • Get independently audited proof that its data is secure; and
  • Meet local and global security laws, such as the EU General Data Protection Regulation (GDPR).

Download our free ISO 27001 data sheet for more information on the benefits of ISO 27001 compliance and how to get started.