The transportation giant Uber discloses a Data Breach

Pierluigi Paganini February 28, 2015

The giant Uber announced a data breach that resulted in unauthorized access to the driver partner license numbers of roughly 50,000 of its drivers.

Are you a user of the Uber service? There is a bad news for you! Uber also enters the long list of companies who are victims of a data breach.

On Friday, the Uber firm has announced the incident with an official statement on its website, the note reports that expert of the company had identified a “one-time access of an Uber database” by an unauthorized third party in May 2014. The unauthorized access resulted in the disclosure of user data related to a “small percentage” of Uber driver partners.

“A small percentage of current and former Uber driver partner names and driver’s license numbers were contained in the database,” the statement, posted by Katherine Tassi, Uber’s Managing Counsel of Data Privacy, wrote. “Immediately upon discovery we changed the access protocols for the database, removing the possibility of unauthorized access. We are notifying impacted drivers, but we have not received any reports of actual misuse of information as a result of this incident.”

As part of the incident response procedure the experts of the company notified the data breach to the authorities and they have changed the access protocols for the database, removing the possibility of unauthorized access.

Of course, Uber is notifying impacted drivers, anyway the company declared that has not received any reports of actual misuse of the stolen data.

Uber App Screens

Below the timeline of the data breaches, according to Weber:

  • On September 17, 2014, Uber discovered that one of its databases could potentially have been accessed by a third party.
  • Upon discovery Uber immediately changed the access protocols for the database and started its investigation on the incident.
  • An investigation revealed that a one-time unauthorized access to an Uber database by a third party had occurred on May 13, 2014. The unauthorized access exposed approximately 50,000 drivers across multiple states, according Uber it is a small percentage of current and former Uber driver partners.
  • According to Tassi, Uber has not received any reports of actual misuse of any information as a result of this incident, anyway the company is notifying impacted partner drivers.
  • Uber said it would provide a one year of free credit monitoring service through Experian.
  • Additionally, Tassi said the company has filed what is referred to as a “John Doe” lawsuit in order to help gather information that may help identity the malicious actor(s).

 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Uber data breach, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment