Popular bus sharing service Swvl on Tuesday disclosed that the firm encountered a security breach, wherein customer data including names, email addresses and phone numbers were compromised.
“We wish to inform you that our team recently identified a security breach that involved unauthorised access to our systems,” SWVL said in a note to its users on the company’s website.
A security breach occurs when an intruder gains unauthorised access to an organisation’s protected systems and data. Cybercriminals or malicious applications bypass security mechanisms to reach restricted areas. A security breach is an early-stage violation that can lead to things like system damage and data loss.
The company disclosed that the unauthorised access to its system took place on the evening of July 3. “The investigation into the breach was still underway,” the company said in its note which was last updated on July 6.
Swvl is an Egyptian bus transportation network company based in Cairo that was founded in April 2017 by Mostafa Kandil. It operates buses along fixed routes and allows customers to reserve and pay for them using an app, with operations in Egypt, Kenya and Pakistan in the Middle East and North Africa (MENA) and Africa regions.
In Pakistan, Swvl has operations in Karachi, Lahore and Islamabad. In an announcement in November 2019, the company committed $25 million investment to expand its operations in Pakistan.
It is unclear how many users were affected by the breach. The company did not provide any details elaborating if the security breach was restricted to users in all the countries where it operates or was limited to a specific geography.
Swvl said that as per their investigation, sensitive information like passwords and credit card information were not affected or exposed. It also signed out all the customers from their accounts as a precautionary measure.
“Furthermore, the vulnerabilities have been addressed, and we are working tirelessly to make sure this doesn’t happen again, including deploying further additional security measures. As soon as we became aware of the breach, we launched an internal investigation to determine the cause of the security breach,” said the company.
“At the same time, we also engaged with leading cybersecurity experts to help us resolve the data breach and strengthen our security systems,” it said.
Security breaches like these are not uncommon. In 2018, hackers accessed the names, email addresses, phone numbers and trip data of users of popular ride-sharing service Careem. The company had also denied that any passwords or credit card information was accessed by hackers.
In 2016, ride-sharing service Uber had disclosed that hackers had stolen the personal information of about 57 million customers and drivers. According to reports, Uber had discovered the data breach in late 2016 and then waited to disclose the news almost a year later.