![](https://techcrunch.com/wp-content/uploads/2023/07/GettyImages-1365148935.jpg?w=600)
Scholar engagement startup HopSkipDrive has confirmed an information breach involving the private information of greater than 155,000 drivers.
Los Angeles-based HopSkipDrive gives an Uber-style ride-sharing service for teenagers and teenagers. The startup, which has raised no less than $90 million since its founding in 2014, companions with college districts to move college students who reside outdoors conventional bus routes or want additional help getting to high school.
In a submitting with the Maine Legal professional Common final week, HopSkipDrive confirmed that it was concerned in a cybersecurity incident in June that led to an information breach affecting 155,394 drivers. HopSkipDrive mentioned the stolen information included names, electronic mail and postal addresses, driver’s license numbers and ID numbers aside from the motive force.
These affected embrace “individuals who drive on our platform or who’ve utilized to drive on our platform,” HopSkipDrive spokesperson Campbell Millom informed TechCrunch. Millom added that no worker or buyer information was accessed within the hack.
The corporate confirmed to TechCrunch that it first found the breach on June 12, 2023, when it “detected suspicious exercise on some third-party purposes utilized by our group.” The corporate refused to call the hacked purposes.
In a message despatched to these affected, HopSkipDrive mentioned it first turned conscious of the difficulty after receiving an electronic mail from an unknown risk actor.
When TechCrunch requested why it took the corporate months to inform affected drivers, a HopSkipDrive spokesperson rejected claims of delays in firm communications, including that the corporate first notified affected people within the first week of July and “has continued communications since then.”
“We instantly launched an investigation, engaged consultants to assist consider the scope of the accident, and took steps to mitigate the potential affect on our neighborhood,” the letter despatched to affected drivers mentioned. “A 3rd-party forensic investigation decided that the incident occurred between Might 31, 2023 and June 10, 2023.”
HopSkipDrive mentioned it was “dedicated to strengthening the safety of our methods to forestall an identical occasion from occurring once more sooner or later,” however didn’t element what further safeguards it had in place.
TechCrunch requested HopSkipDrive, whose management web page doesn’t checklist the title of its chief safety officer, whether or not it has a devoted CEO to deal with cybersecurity on the firm. HopSkipDrive mentioned it has “data safety consultants on each our authorized and expertise groups.”