Uber reveals data hack of 57 millions users | finder.com

Uber reveals data hack of 57 millions users

Ryan Brinks 22 November 2017

Light shed on year-old hack of Uber driver and user data

Despite the unauthorized access, there has been no evidence of fraud or misuse of information.

Uber has revealed that it failed to notify millions of users about a data breach which occurred in late 2016.

At the end of last year, hackers gained access to drivers’ names and license numbers, as well as riders’ names, email addresses and mobile phone numbers, from a third-party service where the information was kept.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Uber chief executive Dara Khosrowshahi said in a statement.

The ridesharing service subsequently identified the individuals responsible and obtained assurances that the illegally downloaded data had been destroyed. However, Uber failed to report the incident to regulators.

Uber said there was no breach of its corporate systems and no apparent access to drivers’ or riders’ trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth.

To date, there has been no evidence of fraud or misuse connected with the inappropriate access, but drivers will be notified of the incident and provided free credit monitoring and identity theft protection as a safeguard.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said.

Khosrowshahi said the two individuals who led the response to the incident were no longer with the company.

Khosrowshahi has enlisted IronNet Security co-founder Matt Olsen to help guide and structure Uber’s security teams and processes going forward. Olsen is also the former director of the National Counterterrorism Center.

Khosrowshahi became Uber’s new CEO on August 30, 2017 after founder Travis Kalanick stepped down in June.

The Uber hack comes on the heels of several other high-profile incidents over the past year, including last week’s breach of Forever 21’s payment card data, last month’s $700,000 settlement of Hilton’s data breach, the recent expansion of Yahoo’s data breach to 3 billion accounts and the Equifax customer credit breach.

Earlier this week, Uber was penalized $8.9 million by the state Colorado for allowing 57 individuals with criminal or motor vehicle offenses, or without valid licenses, to be registered drivers with the company.

If you believe you’re the victim of identity theft, it’s important you contact the proper authorities, including local law enforcement, and consider liaising with your state attorney general or the Federal Trade Commission.

Regularly check your debit and credit card statements to ensure no fraudulent activity has occurred and you’re only paying for the things you buy. If you notice something out of the ordinary, contact your bank.

Latest news headlines

Picture: Mr.Whiskey/Shutterstock

Ask an Expert

You are about to post a question on finder.com:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms and Conditions and Privacy Policy.
Go to site