Save, make, understand money

Household Bills

Over two million UK Uber users affected by data breach

Paloma Kubiak
Written By:
Paloma Kubiak

An estimated 2.7 million Uber users and drivers in the UK had their personal details stolen last year.

Names, email addresses and mobile phone numbers of 57 million Uber users worldwide were accessed in October 2016, Uber revealed last week.

Now, it says in the UK, the breach involved approximately 2.7 million riders and drivers. It added that its forensics experts haven’t seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded.

As such, Uber said it doesn’t believe customers need to take any action as it’s yet to see any evidence of fraud or misuse tied to the incident, acing that it continues to monitor affected accounts.

But if you’re a worried Uber user, you should monitor your account and if you do spot something unusual, these are the steps to take:

Tap “Help” in your app, then “Account and Payment Options” > “I have an unknown charge” > “I think my account has been hacked”.

The National Cyber Security Centre (NCSC) gives the following information:

Don’t feel obliged to delete the app

The incident took place over a year ago and there’s no evidence of additional risk having the app on your phone today. However, if you do want to delete your Uber account, deleting the app isn’t enough to remove your data from their systems. To remove your data from their systems you also need to delete your account by following the advice found in the link.

Immediately change passwords you used with Uber

Legitimate users can make a compromised password useless by replacing it with a new one the attacker does not know. If you re-used the same password on other accounts, you should change the password on those too.

Be alert to potential phishing emails

Phishing attacks can come through emails sent by strangers that mimic an established or trusted party to lure compromising information from the recipient. Since Uber’s data includes personal information, these could be used by scammers to make phishing emails more convincing.

Be vigilant to potential scam phone calls

Be vigilant against phone calls you receive. If you do receive a phone call that is suspicious – for example, one that asks you for security information – hang up. When you next pick up the phone, make sure there is a dial tone to ensure the caller isn’t still on the line. Immediately contact the organisation that the caller claimed to be from using a phone number found on the company website. Do not use any details provided during the previous call – these could be bogus.

Contact Action Fraud if you think you have been a victim

If you think you have been a victim of cyber crime or fraud, you should contact Action Fraud for help or call 0300 123 2040.