A 2016 data breach at ride-hailing app Uber saw 57 million user records accessed, the firm has now confessed.
Names, email addresses and mobile numbers were stolen from 57 million Uber users globally, including customers and drivers. Around 600,000 drivers in the US had their driving licence numbers stolen.
In an open letter new Uber CEO Dara Khosrowshahi said he’d recently learned that in late 2016 ‘two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service.’
Uber identified the two individuals and ‘obtained assurances that the downloaded data had been destroyed.’
‘Huge concerns’ about Uber’s data protection
The Information Commissioner’s Office – the data watchdog – has slammed Uber following the revelations, saying they raise ‘huge concerns around Uber’s data protection policies and ethics.’ It’s now investigating the scale and impact on UK customers.
Responding to the news, Which? managing director of home products and services Alex Neill said: ‘Uber’s data breach – and the fact that it’s been hidden – will worry customers and drivers alike. It’s critical that the company does all that it can to ensure affected people get clear information about what’s happened.
‘Data breaches are becoming more and more common and yet the protections for consumers are lagging behind. The UK Government should use the Data Protection Bill to give independent bodies the power to seek collective redress on behalf of affected customers when a company has failed to take sufficient action following a data breach.’
Uber customers in the dark
Affected drivers are being notified and offered free credit monitoring and ID theft protection – but Uber has decided not to extend this courtesy to the millions of affected customers.
This means individual customers have no way of knowing whether they were affected.
Uber says it’s not seen evidence of fraud or misuse linked to the incident, but it’s monitoring the affected accounts and has flagged them for additional fraud protection.
Data breach survival tips
Have you been affected by a data breach? Make sure you:
- Change any related passwords
- Keep an eye on your bank accounts and report any unusual activity to your bank
- Claim compensation by complaining to the company that lost your data
- You can also take your concerns with how the organisation processed your data to the Information Commissioner’s Office (ICO)
For more information see our guide for how to claim compensation following a data breach.