Scholar rideshare startup HopSkipDrive has confirmed a data breach involving the private knowledge of greater than 155,000 drivers.
Los Angeles-based HopSkipDrive provides an Uber-style rideshare service for youngsters and youngsters. The startup, which has raised no less than $90 million because it was based in 2014, companions with faculty districts to move college students who dwell exterior conventional bus routes or want further assist getting to high school.
In a submitting with Maine’s lawyer common final week, HopSkipDrive confirmed that it had skilled a cybersecurity incident in June that resulted in a data breach affecting 155,394 drivers. HopSkipDrive mentioned the stolen knowledge included names, electronic mail and postal addresses, driver license numbers and different non-driver identification card numbers.
HopSkipDrive spokesperson Campbell Millum instructed information.killnetswitch that these affected embody “individuals who drive on our platform or who utilized to drive on our platform.” Millum added that no worker or buyer knowledge was accessed within the breach.
The corporate confirmed to information.killnetswitch that it first found the breach on June 12, 2023, when it “found suspicious exercise on sure third-party purposes utilized by our group.” The corporate declined to call the compromised purposes.
In a letter despatched to these affected, HopSkipDrive mentioned it first grew to become conscious of the problem after receiving an electronic mail from an unknown menace actor.
When information.killnetswitch requested why it took the corporate months to inform affected drivers, HopSkipDrive’s spokesperson rebuffed claims of a delay within the firm’s communications, including that the corporate first notified affected people within the first week of July and has “continued communications since then.”
“We promptly launched an investigation, engaged specialists to help in assessing the scope of the incident, and took steps to mitigate the potential influence to our group,” the letter despatched to affected drivers reads. “A 3rd-party forensic investigation decided the incident occurred between Could 31, 2023 and June 10, 2023.”
HopSkipDrive mentioned it’s “dedicated to strengthening our techniques’ security to stop an analogous occasion from occurring once more sooner or later,” however didn’t elaborate on what further safeguards it’s implementing.