HopSkipDrive, a prominent US ridesharing company specializing in transporting children and older adults, recently fell victim to a third-party data breach. The breach, suspected to be a ransomware attack, exposed sensitive information, including driver’s license numbers, affecting a significant number of its users.
Details of the Breach
On July 25th, 2023, HopSkipDrive received an alarming email from an unidentified threat actor, claiming unauthorized access to certain third-party applications utilized by the company. The subsequent investigation unveiled that attackers had breached a third-party app in late May, navigating the network for nearly two weeks.
The breach potentially granted access to usernames, mailing addresses, email addresses, and critical data such as driver’s license numbers or non-driver ID numbers. This poses a considerable security risk, as cybercriminals could misuse the compromised data for identity fraud.
The theft of driver’s licenses and ID numbers underscores the severity of the breach, with threat actors capable of exploiting the acquired data for malicious purposes. This places affected individuals at risk of identity theft and other fraudulent activities.
Scale of Impact
According to information provided by HopSkipDrive to the Maine Attorney General, a total of 155,394 individuals may have been impacted by this security incident. The breach has raised concerns among users and regulatory authorities alike.
Established in 2015, HopSkipDrive plays a crucial role in supplementing the US school bus system, offering transportation services to children and older adults in areas not covered by traditional school buses. The company collaborates with renowned organizations such as Denver Public Schools, the County of California, Federal Way Public Schools, and more. With an impressive track record of over 3 million completed drives and partnerships with over 16,000 schools, HopSkipDrive has become a significant player in the ridesharing industry.
As HopSkipDrive addresses the aftermath of this data breach, users and stakeholders remain vigilant about potential impacts on their personal information. The incident emphasizes the need for robust cybersecurity measures in the ridesharing industry and serves as a reminder for organizations to continually reinforce their security protocols against evolving cyber threats.