A month after a major personal data hack impacting 27 million passengers and six million drivers of an Iranian taxi app, the company remains silent about the breach.
Tapsi's official communication channels, including their website, Instagram, Telegram, and blog, have seen updates since the incident, but they provide no information regarding the hack's specifics, how it occurred, or related details.
The news of the hack and data leak involving over 33 million Tapsi users first came to light on September 2, through a Telegram channel. Shortly afterward, Milad Monshipour, Tapsi's founder and CEO, confirmed the incident on his Twitter account, noting that the hackers had attempted extortion.
The hackers claimed to have engaged in a two-week negotiation with Tapsi's management before publicly disclosing the breach and demanding a $35,000 ransom payment, which the company refused.
Ultimately, the hackers publicly traded the stolen information, leaving the identity of those accessing the sensitive data unclear.
While large-scale privacy data breaches might not be uncommon in Iran, the magnitude and significance of the particular incident have elevated the Tapsi hack to one of the most prominent cases of a private company data breach in the country.
The situation underscores the absence of robust laws and substantial penalties for mishandling personal information, as well as the inability for users to request the removal of their data. It also highlights the recurring concern of data leaks impacting the financial and emotional lives of Iranian citizens.