iRent, the largest car-sharing brand in China, raised doubts about the outflow of members' personal information. iRent decided to increase the principle of information security protection, and actively expanded the definition of "personal data risk objects". For 400,100 users who were involved in potential risks, iRent has strengthened and improved. Sincere apologies.

(provided by the operator)

[Reporter Yang Yamin/Taipei Report] iRent, the largest car-sharing brand in China, raised concerns about the outflow of members' personal data. iRent decided to increase the principle of information security protection, and actively expanded the definition of "personal data risk objects". It has involved 400,100 potential risks Users, iRent has made improvements and sincerely apologizes.

After several days of investigation, iRent initially discovered and notified that "140,000 users may be affected in the past three months", but based on the attitude of cherishing members' rights and actively preventing fraud, it decided to increase the principle of information security protection.

Please read on...

Actively expand and adjust the definition of "personal data risk object" to "all 400,100 users who have been involved in potential risks since the temporary database was launched", all of which are included in the scope of this correspondence.

For users in this range, email notifications have been sent in the evening of 2/1, and 3 hours of compensation will be provided on 2/2, and an announcement will also be made on the official website to remind all members to be aware of potential fraud risks, and at the same time assign special personnel to continuously monitor members Whether personal information has been violated.

According to iRent, the reason for this incident was that "the temporary database used internally to record the application log files, because the external connection was not properly blocked, the database may be accessed by external professional information personnel using specific tools and techniques. Query the membership transaction data in the past three months.

The personal information recorded in the temporary database includes member name, phone number, address, masked credit card information (to eliminate doubts about fraudulent credit card), ID card, birthday, email, emergency contact, and photo file uploaded by the applicant member (encoded) , may be subject to external inquiries.

iRent has notified risky users to pay attention, and commissioned an external professional information security company to monitor whether there is any leakage of member information. The brand expresses its deepest apology.

Subsequent iRent not only performs host system vulnerability scanning and penetration scanning, but also scans the source code of the App part to ensure that the customer's transaction process is fully encrypted with SSL security, and starts to pack.

In addition to reporting the improvement plan to the competent authority, we will cooperate with third-party professional information security units to conduct incident investigations, upgrade information security protection with the highest standards, and manage user data with a more rigorous attitude, properly keep and use them.

Grasp the pulse of the economy with one hand I subscribe to Free Finance Youtube channel

Already added friends, thank you

Welcome to 【Free Finance】

feel good

Already liked it, thank you.

related news