HopSkipDrive, a student rideshare startup, disclosed a data breach affecting over 155,000 drivers, according to a filing with Maine’s attorney general. The breach, which occurred in June, compromised personal data including names, email and postal addresses, driver license numbers, and other identification card numbers. The company clarified that affected individuals include both active drivers and those who applied to drive on the platform, emphasizing that no employee or customer data was accessed.
The breach was first detected on June 12, 2023, when suspicious activity was noticed on certain third-party applications used by the organization. Despite claims of a delayed notification process, HopSkipDrive asserts that affected individuals were promptly informed in the first week of July and has maintained communication since then. A third-party forensic investigation revealed that the incident took place between May 31, 2023, and June 10, 2023.
While committing to enhancing system security to prevent future breaches, HopSkipDrive did not disclose specific measures being implemented. When asked about cybersecurity leadership within the company, HopSkipDrive stated the presence of information security experts within their legal and technology teams but did not mention a dedicated chief security officer.
Reference:
