Are you an Uber driver? Your data might have been accessed by an unauthorized third party last year, according to a new data breach disclosure by the ride-sharing company. About 50,000 drivers were affected by the hack, although no known misuses of the information have been reported.
Surprisingly, this happened nine months ago and Uber found out five months ago, but only now are they revealing the breach which infuriated a selection of it's drivers, some of whom took it to the UberPeople forum to complain.
"In late 2014, we identified a one-time access of an Uber database by an unauthorized third party," Uber's managing counsel of data privacy Katherine Tassi wrote, on the company's blog. "A small percentage of current and former Uber driver partner names and driver's license numbers were contained in the database," she explained. As soon as it discovered the breach, Uber changed the access protocols for the database, so whoever hacked into it couldn't get back in.
However, data from 50,000 drivers was stolen. Uber is now notifying impacted drivers, but stresses that no reports of fraudulent use were filed up until now. Yet the company will offer a free one-year membership of Experian's ProtectMyID Alert to the affected drivers.
"Uber takes seriously our responsibility to safeguard personal information, and we are sorry for any inconvenience this incident may cause," Katherine Tassi apologised. "In addition, today we filed a lawsuit that will enable us to gather information to help identify and prosecute this unauthorised third party," she revealed. This is a "John Doe" lawsuit and the aim is to gather information and identify the third party who accessed its network. Uber has been making an effort to become an established brand, by partnering with renowned names and trying to show reluctant regions that it is good for the economy.
But the hack is the latest of an increasing number of incidents and data breach disclosures by companies who retain a lot of customer data. In late 2013, Target was attacked and 70 million customers' data was exposed, costing the retailer a total of $162 million, according to a recent study. During that year's holidays, Neiman Marcus was also the target of an attack. Companies are increasingly under scrutiny for how well they protect their databases, as the Sony hack also showed last December.
Here are the details of what happened at Uber:
• Uber discovered a breach in one of its databases on September 17, 2014
• The company changed the access protocols immediately and found out the attack occurred on May 13, 2014
• This unauthorised access impacted 50,000 drivers across multiple states, which Uber says is a small percentage of current and former Uber drivers
• The files that were accessed contained the name and driver's license number of the drivers
• Uber is recommending that the affected individuals monitor their credit reports for fraudulent transactions or accounts. #Security