HopSkipDrive, a service providing secure transportation for kids and the elderly, has confirmed a serious data breach affecting around 155,394 individuals. In late May 2023, hackers exploited a vulnerability in a third-party application, compromising the system for nearly two weeks. During this time, they potentially accessed sensitive data, including usernames, physical and email addresses, and driver’s license numbers.
Given that HopSkipDrive’s clientele predominantly includes minors and older adults, the breach raises significant concerns about the risks of identity theft and fraud for these particularly susceptible groups. With a history of facilitating over 3 million rides and collaboration with upwards of 16,000 schools, HopSkipDrive is now tackling a cybersecurity emergency. The company has initiated steps to notify those affected and is dealing with the repercussions of this unfortunate security lapse.
Addressing the Aftermath
Following a significant security incident, HopSkipDrive rapidly informed stakeholders and reported the breach, suspected to be a ransomware attack, to the Maine Attorney General. The exposure of children’s data has intensified scrutiny on data protection practices within such organizations.
In response to the breach, HopSkipDrive is diligently working on an in-depth investigation to grasp the breadth and methodologies of the breach. The company is reinforcing its commitment to user privacy by enhancing its security measures. This latest cybersecurity event highlights the pressing need for industry-wide adherence to the most robust security standards and continuous vigilance against evolving cyber threats to safeguard sensitive information.