Did you have Uber in Data Breach Bingo? If so, you can mark them off your card as Uber reported yesterday that the personal information of 50,000 drivers was compromised. Even more curious is that the breach happened almost a year ago, in May 2014. Uber detected the breach in September, and took steps to upgrade their security at that time. According to their research, the data was leaked in a one-time event and included driver’s names and drivers license numbers.
In a blog post on 2/27/15, Uber’s Managing Counsel of Data Privacy, Katherine Tassi provided the following update:
Here’s what we know:
- On September 17, 2014, we discovered that one of our databases could potentially have been accessed by a third party.
- Upon discovery we immediately changed the access protocols for the database and began an in-depth investigation.
- Our investigation revealed that a one-time unauthorized access to an Uber database by a third party had occurred on May 13, 2014.
- Our investigation determined the unauthorized access impacted approximately 50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners.
- The files that were accessed contained only the name and driver’s license number of some driver partners.
- To date, we have not received any reports of actual misuse of any information as a result of this incident, but we are notifying impacted drivers and recommend these individuals monitor their credit reports for fraudulent transactions or accounts.
- Uber will provide a free one-year membership of Experian’s® ProtectMyID® Alert. If impacted driver partners have questions or need an alternative to enrolling online, please call (877) 297-7780 and provide the Engagement number listed in the notification letter.
- We have also filed what is referred to as a “John Doe” lawsuit so that we are able to gather information that may lead to confirmation of the identity of the third party.
Good to know that no fraudulent misuse of the drivers’ information has been reported, and it’s also a nice touch that Uber has taken it upon themselves to provide credit monitoring to the affected drivers.
Is everyone else as sick of these data breaches as we are? Let us know what you think in the comments or on your favorite social network.Source: Uber Blog