Taxi aggregator Citymobil appealed to the police in connection with the detected leak of customer and driver data. This is reported by TASS with reference to the PR director of the company Ekaterina Zubenina.
Image source: city-mobil.ru
Zubenina said that anonymized phone numbers and data on trips made using the service are currently in the public domain. She admitted that most of the phone numbers could already be in the public domain through the database of leaked numbers, which appeared in large information leaks from other services, although this does not reduce the company’s level of responsibility.
Since December 23, the aggregator has been conducting an internal investigation to determine what other data the attackers may have. On the same day, the Information Leaks telegram channel reported that more than 4,000 photographs (in JPG format) of Citymobil drivers’ passports were in the public domain. Then, on December 27, the same telegram channel reported that on Monday, 3,910,592 unique phone numbers of customers, presumably Citymobil, and 80.7 thousand unique phone numbers of its drivers were made public.
Zubenina told Interfax that the company “does not store a wide list of users’ personal data on servers, but tries to limit itself to anonymized data that would be sufficient to achieve the goals of their processing.” “Despite this, the company’s management apologizes to every user and driver of partner parks whose personal data was made public,” she added. The top manager of Citymobil noted that the attackers threatened to make more extended information publicly available.
Zubenina also said that in accordance with the law, Citymobil sent a notification to Roskomnadzor about the data leak within 24 hours, and a letter about the measures taken to protect information within 72 hours.
If you notice an error, select it with the mouse and press CTRL + ENTER.
