Uber on Friday revealed that its database with names and driver’s license numbers was breached in May. The company stated that it had not received any reports of misuse of information and has notified drivers.
More than 50,000 drivers were affected and have been offered one-year membership in Experian’s ProtectMyID Alert, an anti-theft protection service. Uber claimed that the breach was discovered in September while the database was hacked in May 13, 2014. The breach has reportedly leaked information of drivers in various states, but only affected a “small percentage” of current and former drivers.
“We have not received any reports of actual misuse of information as a result of this incident,” said Uber.
Uber stated that the breach was a one-time occurrence and has changed its access protocols for preventing similar incidents in the future. GitHub, a developer collaboration site refused to reveal the IP address which contained a login key for viewing a specific post after a request from the San Francisco company.
The company has filed a “John Doe” lawsuit in a bid to collect information legally. The ride-sharing company is the latest in the list of companies that were under hacked. Sony Pictures Entertainment suffered a major hack attack while Home Depot and Health insurer Anthem were also breached.
However, it remains unclear as to why the company sought to delay the announcement of the breach. Uber is hoping to find the identity of the third-party in order to prevent misuse of information. A major concern is the leak of the information online which can lead to identity thefts and the risk of security to former and current drivers.
As in Uber’s words:
- On September 17, 2014, we discovered that one of our databases could potentially have been accessed by a third party.
- Upon discovery, we immediately changed the access protocols for the database and began an in-depth investigation.
- Our investigation revealed that a one-time unauthorized access to an Uber database by a third party had occurred on May 13, 2014.
- Our investigation determined the unauthorized access impacted approximately 50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners.
- The files that were accessed contained only the name and driver’s license number of some driver partners.
- To date, we have not received any reports of actual misuse of any information as a result of this incident, but we are notifying impacted drivers and recommend these individuals monitor their credit reports for fraudulent transactions or accounts.
- Uber will provide a free one-year membership of Experian’s® ProtectMyID® Alert. If impacted driver partners have questions or need an alternative to enrolling online, please call (877) 297-7780 and provide the Engagement number listed in the notification letter.
- We have also filed what is referred to as a “John Doe” lawsuit so that we are able to gather information that may lead to confirmation of the identity of the third party.