HopSkipDrive, a US-based ridesharing company, has suffered a third-party data breach, exposing the driver’s license numbers of many of its users.
The company, which provides services to mostly children and older adults, reached out to affected individuals, explaining that HopSkipDrive was breached in what was likely a ransomware attack.
“On or about July 25th, 2023, HopSkipDrive received an email communication from an unknown threat actor, claiming to have accessed certain third-party applications utilized by HopSkipDrive,” it said in a breach notification letter.
Ransomware gangs often steal data and later contact impacted organizations to demand a ransom payment.
A subsequent breach investigation revealed that attackers breached a third-party app used by HopSkipDrive in late May and roamed the network for nearly two weeks.
According to the company, attackers may have accessed usernames, mailing addresses, and email addresses, as well as driver’s license numbers or non-driver ID numbers.
Exposing driver’s licenses and ID numbers poses serious security risks for victims, as threat actors can use the data for identity fraud.
Information that HopSkipDrive submitted to the Maine Attorney General revealed that, in total, 155,394 may have been impacted by the security incident.
Established in 2015, HopSkipDrive often supplements the US school bus system, offering rides to children and older adults living in areas not serviced by the school bus system.
The company lists Denver Public Schools, the County of California, Federal Way Public Schools, and other organizations among its partners. The company claims to have completed over 3 million drives while working with over 16,000 schools.
More from Cybernews:
Subscribe to our newsletter