Uber reveals huge 2016 data hack
Names, email addresses and mobile phone number of 57 million Uber users worldwide were accessed in late 2016, Uber has revealed.
This number includes the names and driver’s licence numbers of around 600,000 drivers in the United States.
Uber’s CEO, Dara Khosrowshahi, said two people outside of the company accessed user data stored on a third-party cloud-based service that it uses.
He added that Uber’s forensic experts haven’t seen any evidence of credit card numbers, bank account numbers, social security or date of birth information having been downloaded.
However, if you’re an Uber user, it may be best to keep an eye on your bank account and your credit report for any suspicious activity.
While the incident “didn’t breach its corporate systems or infrastructure”, Uber said it has implemented security measures to restrict access to and strengthen controls of its cloud-based storage accounts.
The two people who accessed the data assured the taxi-hailing app company that the data had been destroyed. A report in Bloomberg, which uncovered the data breach, suggested that Uber had paid hackers $100,000 to delete the information and keep quiet about the incident. Uber confirmed the reports were correct.
Khosrowshahi, said: “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Alex Neill, Which? managing director of home products and services, said: “Uber’s data breach – and the fact that it’s been hidden – will worry customers and drivers alike. It’s critical that the company does all that it can to ensure affected people get clear information about what’s happened.
“Data breaches are becoming more and more common and yet the protections for consumers are lagging behind. The UK government should use the Data Protection Bill to give independent bodies the power to seek collective redress on behalf of affected customers when a company has failed to take sufficient action following a data breach.”