A company having its private databases exposed is no longer the eyebrow-raising shock that it once was — these kind of incidents are now worryingly common — and Uber is the latest firm to report that its defenses have been breached. The cab-hailing service has announced that a hacking attempt last May could have exposed the data of up to 50,000 of its current and former drivers.
Uber says the breach was carried out by an “unauthorized third party” and that it took steps to plug the leak once it had been discovered (which didn’t happen until September). It’s reached out to the drivers whose information was potentially siphoned off, offering them a free one year membership to an identity theft protection service as compensation.
“We are notifying impacted drivers, but we have not received any reports of actual misuse of information as a result of this incident,” explains Uber’s Managing Counsel of Data Privacy Katherine Tassi. “Uber takes seriously our responsibility to safeguard personal information, and we are sorry for any inconvenience this incident may cause. In addition, today we filed a lawsuit that will enable us to gather information to help identify and prosecute this unauthorized third party.”
50,000 users is not a huge number relative to other recent hacks — Uber describes it as “a small percentage of current and former Uber drivers” — but if you have been registered as a driver with the service then you’re going to want to check your bank statements for any suspicious activity. The ‘John Doe’ lawsuit filed by Uber is designed to gather information about the as-yet-unknown third party responsible for the hack.
Despite a few bumps along the road, Uber is continuing its expansion across the world, and may even be eyeing up the driverless car market. Our verdict? Despite the company’s faults, getting an Uber is still a lot better than climbing into a normal cab.