Egyptian startup Swvl announced a security breach affecting user data including names, email addresses and phone numbers of its customers. The company took action to log out all its users from their accounts as a precautionary measure. It also advised users to change their passwords on Swvl.
“On the evening of 3rd July 2020, Swvl became aware of unauthorized access to our system. The investigation into the breach is still underway, but at this stage, it is clear that the data which was compromised is restricted to names, email addresses, and phone numbers,” the company’s statement highlighted.
The company that operates its bus-hailing services in Egypt, Kenya & Pakistan said that it has fixed all the vulnerabilities and taken measures to prevent future breaches.
“We have assembled a team of technology and security specialists with world-class skills specializing in incidents such as these. We immediately identified and addressed specific vulnerabilities that our IT infrastructure may have had, ensuring our customers’ data integrity. Our team of IT and security personnel have devoted all their efforts around the clock to ensure that we live up to our responsibility to protect our customers and their details,” noted the statement.
In addition to logging users out, Swvl said it has regenerated all access keys to its systems and infrastructure, reviewed all access privileges, reviewed all firewalls and access controls, and strengthened its system to increase its security and resistance to attacks.
Data breaches are one risk that technology companies face with other notable ones such as Adobe’s breach affecting 153 million user records in 2013 and Canva’s 2019 breach affecting 137 million user accounts in 2019.
Earlier this year Swvl raised $20m just before COVID-19 hit.