In October 2016, Uber experienced a data security incident that resulted in a breach of information related to rider and driver accounts.
Rider information included the names, email addresses and mobile phone numbers related to accounts globally. Their outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.
When this happened, they said they took immediate steps to secure the data, shut down further unauthorized access, and strengthen our data security.
The company paid the hackers $100,000 to delete the data and keep the breach quiet.
Uber fired Chief Security Officer Joe Sullivan for his role and CEO Dara Khosrowshahi, who was not with the company at the time of the hack, said “none of this should have happened.”
The U.K.’s Information Commissioner’s Office (ICO) said that Uber could face an investigation and even potential fines up to £500,000 “We will be investigating but as regards what actions we eventually take, that depends on what we find, and obviously it’s very early days at this stage,” an ICO spokesperson said.
What Should You Do ?
Uber said they do not believe any individual rider needs to take any action. They have seen no evidence of fraud or misuse tied to the incident. They are monitoring the affected accounts and have flagged them for additional fraud protection.
They encourage all users to regularly monitor their credit and accounts, including their Uber account, for any issues. Please let Uber know via the Help Center if you see anything unexpected or unusual related to your Uber account. You can do this by tapping “Help” in your app, then “Account and Payment Options” > “I have an unknown charge” > “I think my account has been hacked”.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.