SAN FRANCISO – Uber announced that one of its databases was possibly breached last year, which could have put up to 50,000 former and current Uber drivers’ personal information at risk.
The breach was first discovered on September 17 of last year and Uber believes it was a onetime incident that happened on May 13, 2014. The database held the names and driver’s license numbers of thousands of Uber drivers in multiple states. Uber is a ride-hailing service that lets passengers connect with drivers via a smartphone app.
Uber said the security breach was perpetrated by an “unauthorized third party” but didn’t say how it discovered the vulnerability.
As soon as Uber found out about the breach it changed access to the database to stop any further leaks, the company said. It’s now notifying the drivers whose information was in the database and is offering them a free year membership to credit-monitoring company Experian.
“We have not received any reports of actual misuse of information as a result of this incident,” Uber’s managing counsel of data privacy, Katherine Tassi, said in a statement.
Security breaches have become so pervasive over the last year that earlier this month President Barack Obama signed an executive order addressing the issue. The order is meant to establish a framework to help businesses and government organizations “prioritize and optimize” their spending and quickly identify and protect themselves against cyberattacks.
