Uber admits data breach exposed personal details of 50,000 drivers

Uber has revealed it was hacked last year in a security breach that exposed the personal details of around 50,000 drivers.

The cyber attack happened last May but was discovered in September. Uber blamed an “unauthorised third party” and believes it only happened the once though it has taken steps to close the leak since.

Those drivers that were affected have been contacted and offered a free one-year membership to an identity theft protection service as compensation. The hacked data would have included the names and driver’s license numbers of its staff.

Uber has filed a “John Doe” lawsuit to discover the identity of the hacker.

Katherine Tassi, Uber's managing counsel of data privacy, said: “We are notifying impacted drivers, but we have not received any reports of actual misuse of information as a result of this incident.

“Uber takes seriously our responsibility to safeguard personal information, and we are sorry for any inconvenience this incident may cause. In addition, today we filed a lawsuit that will enable us to gather information to help identify and prosecute this unauthorized third party.

Tassi said the hack impacted only a “small percentage” of its staff, a reflection of its scale in relation to other high profile cyber attacks. Sony is the most high-profile victim in recent years after a hack stole staff details and emails as well as scripts and unreleased movies last November.

Join us, it's free.

Become a member to get access to:

  • Exclusive Content
  • Daily and specialised newsletters
  • Research and analysis

Join us, it’s free.

Want to read this article and others just like it? All you need to do is become a member of The Drum. Basic membership is quick, free and you will be able to receive daily news updates.