Student ride-sharing startup HopSkipDrive has confirmed a data breach involving the personal data of more than 155,000 drivers.
Los Angeles-based HopSkipDrive provides an Uber-style rideshare service for children and teens. The startup, which has raised at least $90 million since its founding in 2014, partners with school districts to provide transportation for students who live outside of traditional bus lines or who need special assistance getting to school. We are doing
HopSkipDrive acknowledged in a filing with the Maine Attorney General's Office last week that it suffered a cybersecurity incident in June that resulted in a data breach affecting 155,394 drivers. According to HopSkipDrive, the stolen data included names, email addresses, addresses, driver's license numbers, and other non-driver identification numbers.
HopSkipDrive spokesperson Campbell Milm told TechCrunch that those affected include “anyone who drives or applies to drive on our platform.” Millum added that no employee or customer data was accessed in the breach.
The company confirmed to TechCrunch that it first discovered the breach on June 12, 2023, when it “discovered suspicious activity on certain third-party applications utilized by our organization.” The company did not reveal the name of the compromised application.
In a letter sent to affected people, HopSkipDrive said it first became aware of the issue after receiving an email from an unknown attacker.
When TechCrunch asked why it took the company months to notify affected drivers, a HopSkipDrive spokesperson dismissed claims that the company was late in communicating, saying the company It added that it first notified affected individuals in the first week of 2017 and “has continued to communicate with them ever since.”
A letter sent to affected drivers said: “We will immediately launch an investigation, engage experts to help assess the scope of the incident and take steps to reduce the potential impact on the community. It is written, “Taught.'' “A third-party forensic investigation determined that this incident occurred between May 31, 2023 and June 10, 2023.”
HopSkipDrive said it was “working to strengthen the security of our systems to prevent a similar incident from happening again in the future,” but did not elaborate on what additional safety measures it had in place. Ta.
TechCrunch did not list a chief security officer on HopSkipDrive's management page, but we asked if the company has a dedicated officer responsible for cybersecurity. HopSkipDrive said it has “information security experts on both the legal and technical teams.”