- A security breach at Uber may have disclosed the names and driver’s license numbers of about 50,000 drivers across multiple states
- The company discovered the breach in September 2014, patched up the hole in its security, and waited five months to disclose that the hack occurred
- The company has offered those affected a one-year membership in an identity protection service
A security breach at cab-hailing service Uber more than nine months ago may have disclosed the names and driver’s license numbers of about 50,000 drivers across multiple states, the company said in a statement.
In the statement by Katherine Tassi, Uber’s managing counsel of data privacy, posted to Uber’s blog Friday, Tassi said the breach involved current and former Uber drivers. The company has notified attorneys general in states where those drivers live, including California.
‘To date, we have not received any reports of actual misuse of any information as a result of this incident,’ the company said.
Uber: A security breach at car service Uber more than nine months ago may have disclosed the names and driver’s license numbers of about 50,000 drivers across multiple states
However, the ride-hailing app advised drivers to monitor their credit reports for fraudulent transactions.
Tassi said in the statement that the breach occurred in May 2014 and was discovered in September.
Upon discovery discovery of the hack, the company changed database access protocols and began an investigation.
An Uber spokesman told the New York Post that the company waited so long — more than five months — to disclose the hack because an investigation was being conducted. The spokesman declined to elaborate.
A cybersecurity expert for risk consulting firm Kroll told the Los Angeles Times that having access to a driver’s name and license number may not be enough for identity theft, but if used along with other personal information — like a birth date or credit card number — it could pose a threat.
Breach: The company said in a statement that the breach was discovered in September 2014, but the actual hack occurred about four months earlier (stock image)
Of the 50,000 drivers that may have been affected, approximately 21,000 are based in California, the LA Times reports.
The company said a ‘one-time unauthorized access’ occurred by a third party in the breach and the company filed a ‘John Doe’ lawsuit in a federal court in San Francisco on Friday against the unnamed individual.
The lawsuit could be used to help uncover the hacker’s identity.
As well as advising drivers to monitor their credit reports, the company is offering those affected a one-year free membership in an identity protection service.
India: Uber’s ongoing legal battles in India have sparked protests against the company by those seeking to ban the ride-hailing app in the country
The company has raised more than $4 billion from prominent venture capital firms such as Benchmark and Google Ventures, valuing Uber at $40 billion and making it the most valuable startup in the United States.
However, the multi-billion dollar company has come under much fire recently with allegations that company officials accessed the information of passengers improperly.
Also, its ongoing legal battles in India have sparked protests against the company by those seeking to ban the ride-hailing app in the country.
Source: Daily Mail