Over two million UK Uber users affected by data breach
Names, email addresses and mobile phone numbers of 57 million Uber users worldwide were accessed in October 2016, Uber revealed last week.
Now, it says in the UK, the breach involved approximately 2.7 million riders and drivers. It added that its forensics experts haven’t seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded.
As such, Uber said it doesn’t believe customers need to take any action as it’s yet to see any evidence of fraud or misuse tied to the incident, acing that it continues to monitor affected accounts.
But if you’re a worried Uber user, you should monitor your account and if you do spot something unusual, these are the steps to take:
Tap “Help” in your app, then “Account and Payment Options” > “I have an unknown charge” > “I think my account has been hacked”.
The National Cyber Security Centre (NCSC) gives the following information:
Don’t feel obliged to delete the app
The incident took place over a year ago and there’s no evidence of additional risk having the app on your phone today. However, if you do want to delete your Uber account, deleting the app isn’t enough to remove your data from their systems. To remove your data from their systems you also need to delete your account by following the advice found in the link.
Immediately change passwords you used with Uber
Legitimate users can make a compromised password useless by replacing it with a new one the attacker does not know. If you re-used the same password on other accounts, you should change the password on those too.
Be alert to potential phishing emails
Phishing attacks can come through emails sent by strangers that mimic an established or trusted party to lure compromising information from the recipient. Since Uber’s data includes personal information, these could be used by scammers to make phishing emails more convincing.
Be vigilant to potential scam phone calls
Be vigilant against phone calls you receive. If you do receive a phone call that is suspicious – for example, one that asks you for security information – hang up. When you next pick up the phone, make sure there is a dial tone to ensure the caller isn’t still on the line. Immediately contact the organisation that the caller claimed to be from using a phone number found on the company website. Do not use any details provided during the previous call – these could be bogus.
Contact Action Fraud if you think you have been a victim
If you think you have been a victim of cyber crime or fraud, you should contact Action Fraud for help or call 0300 123 2040.