Authored by a Symantec employee

 

Ridesharing company Uber Technologies, Inc. has disclosed that hackers have stolen the personal information of about 57 million customers and drivers, according to a report by Bloomberg News. The news outlet also reported that Uber discovered the data breach in late 2016, and then waited to disclose the news almost a year later.

What was stolen?

CEO Dara Khosrowshahi states in a press release on Uber’s website that the stolen information included the following:

  • The names and driver’s license numbers of around 600,000 drivers in the United States. It is important to note that the driver’s license numbers affect the drivers working for Uber and not their ridesharing customers.
  • Aside from the driver’s license numbers, other personal information of all 57 million Uber riders and drivers around the world was compromised: names, email addresses and mobile phone numbers.
  • According to the company’s statement: “Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.”

Uber rider or driver? Here’s what you need to know:

For Uber riders, the company says it doesn’t believe affected individuals need to take action. “We have seen no evidence of fraud or misuse tied to the incident,” its statement to riders said. “We are monitoring the affected accounts and have flagged them for additional fraud protection.”

While Uber states that there is no need for action, there are still things you should be on the lookout for when breaches of this magnitude occur. When popular companies are gaining major headlines in the mainstream media, scammers may attempt to take advantage of the chatter around this incident.

Uber has stated that it’s notifying affected drivers whose driver’s license numbers were accessed and are providing them with free credit monitoring and identity theft protection service. The company is providing additional information for their drivers on their website.

Cybercriminals may attempt to launch phishing attacks, appearing to come from Uber, hoping to trick unsuspecting customers into providing personal information, such as account credentials or payment card information. In the case of a major security incident like this, it’s always best to go straight to the source — the company’s official website, and not click on any of the links in the email. Be sure to also check the actual email address to ensure a message is from the company or person it appears to be from. Also, don’t click on an emailed link or attachment without verifying the email’s authenticity.

How the Uber breach happened

Uber said two people who didn’t work for the company accessed the data on a third-party cloud-based service that Uber uses. The company also said that outside forensics experts have not seen evidence that the hackers accessed other types of information.

How to protect yourself when using ridesharing servicesWhile ridesharing apps may seem like the wave of the future, it is still a relatively new technology. And with all new technologies, it is important to be informed about what they mean for your privacy. For a deeper dive into ridesharing technologies and how to choose them wisely, you can check out “How ridesharing services can take your privacy for a ride.


Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.