Uber reveals data hack of 57 millions users
Despite the unauthorized access, there has been no evidence of fraud or misuse of information.
Uber has revealed that it failed to notify millions of users about a data breach which occurred in late 2016.
At the end of last year, hackers gained access to drivers’ names and license numbers, as well as riders’ names, email addresses and mobile phone numbers, from a third-party service where the information was kept.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Uber chief executive Dara Khosrowshahi said in a statement.
The ridesharing service subsequently identified the individuals responsible and obtained assurances that the illegally downloaded data had been destroyed. However, Uber failed to report the incident to regulators.
Uber said there was no breach of its corporate systems and no apparent access to drivers’ or riders’ trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth.
To date, there has been no evidence of fraud or misuse connected with the inappropriate access, but drivers will be notified of the incident and provided free credit monitoring and identity theft protection as a safeguard.
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said.
Khosrowshahi said the two individuals who led the response to the incident were no longer with the company.
Khosrowshahi has enlisted IronNet Security co-founder Matt Olsen to help guide and structure Uber’s security teams and processes going forward. Olsen is also the former director of the National Counterterrorism Center.
Khosrowshahi became Uber’s new CEO on August 30, 2017 after founder Travis Kalanick stepped down in June.
The Uber hack comes on the heels of several other high-profile incidents over the past year, including last week’s breach of Forever 21’s payment card data, last month’s $700,000 settlement of Hilton’s data breach, the recent expansion of Yahoo’s data breach to 3 billion accounts and the Equifax customer credit breach.
Earlier this week, Uber was penalized $8.9 million by the state Colorado for allowing 57 individuals with criminal or motor vehicle offenses, or without valid licenses, to be registered drivers with the company.
If you believe you’re the victim of identity theft, it’s important you contact the proper authorities, including local law enforcement, and consider liaising with your state attorney general or the Federal Trade Commission.
Regularly check your debit and credit card statements to ensure no fraudulent activity has occurred and you’re only paying for the things you buy. If you notice something out of the ordinary, contact your bank.