Swvl, the Egyptian bus-hailing startup, has reported a security breach that exposed the names, email addresses, and phone numbers of its customers.
In a recent statement by Swvl, which is also present in Kenya and Pakistan, it says that the exposure was noticed on the evening of 3rd July 2020.
“On the evening of 3rd July 2020, Swvl became aware of unauthorized access to our system. The investigation into the breach is still underway, but at this stage, it is clear that the data which was compromised is restricted to names, email addresses, and phone numbers.
“Rest assured that our investigation ensures that passwords and credit card information were not affected or exposed.
“Furthermore, the vulnerabilities have been addressed, and we are working tirelessly to make sure this doesn’t happen again, including deploying further additional security measures.”
The steps taken by Swvl
As soon as we became aware of the breach, we launched an internal investigation to determine the cause of the security breach. At the same time, we also engaged with leading cybersecurity experts to help us resolve the data breach and strengthen our security systems.
Since the incident, these are the steps we have taken to protect our customers’ privacy and information:
(i) regeneration of all access keys to our systems and infrastructure;
(ii) signing out of all customers from their accounts as a precautionary measure;
(iii) reviewing all access privileges to our system and infrastructure;
(iv) reviewing all firewall and access controls on our infrastructure; and
(v) strengthening areas of our system to increase its security and resistance to attacks.
Steps you should take
Along with Swvl taking all the steps to ensure that our systems remain secure, we would advise our customers to note and implement the following safeguards to protect their personal information:
(i) update the passwords for your Swvl account and all other accounts in which you have similar details. Please use a strong mix of characters when choosing a new password and try not to use the same password for multiple sites. Please also ensure that you do not share your password with third parties to prevent any unauthorized use.
(ii) remember that Swvl will never email, call, or text you for any personal details, including account passwords. If you receive such requests, please ignore them, report this immediately to the Swvl team using the Swvl App, or contact us at ask@swvl.com.
(iii) change your passwords regularly.
(iv) avoid clicking on any links or downloading attachments from email addresses that are not familiar.
(v) Swvl will only send you emails using our domain “swvl.com” so before relying on any email, please ensure that you check the authenticity of the domain.
Swvl concluded the statement by apologising to its customers for the data breach.
“The Swvl team wishes to apologize to you for this unauthorized security breach; however, we remain steadfast in providing you with the best possible value and experience.
“We stay dedicated to our mission to supporting you and improving the lives of our customers by providing them accessible commuting solutions in the future.
“As always, we will continue to devote our efforts to avoid anything like this from happening again. If you have any questions or require any clarifications, please feel free to reach our team at ask@swvl.com.