Categories: Breaking NewsCyber CrimeMobileSecurity

The transportation giant Uber discloses a Data Breach

The giant Uber announced a data breach that resulted in unauthorized access to the driver partner license numbers of roughly 50,000 of its drivers.

Are you a user of the Uber service? There is a bad news for you! Uber also enters the long list of companies who are victims of a data breach.

On Friday, the Uber firm has announced the incident with an official statement on its website, the note reports that expert of the company had identified a “one-time access of an Uber database” by an unauthorized third party in May 2014. The unauthorized access resulted in the disclosure of user data related to a “small percentage” of Uber driver partners.

“A small percentage of current and former Uber driver partner names and driver’s license numbers were contained in the database,” the statement, posted by Katherine Tassi, Uber’s Managing Counsel of Data Privacy, wrote. “Immediately upon discovery we changed the access protocols for the database, removing the possibility of unauthorized access. We are notifying impacted drivers, but we have not received any reports of actual misuse of information as a result of this incident.”

As part of the incident response procedure the experts of the company notified the data breach to the authorities and they have changed the access protocols for the database, removing the possibility of unauthorized access.

Of course, Uber is notifying impacted drivers, anyway the company declared that has not received any reports of actual misuse of the stolen data.

Below the timeline of the data breaches, according to Weber:

On September 17, 2014, Uber discovered that one of its databases could potentially have been accessed by a third party.
Upon discovery Uber immediately changed the access protocols for the database and started its investigation on the incident.
An investigation revealed that a one-time unauthorized access to an Uber database by a third party had occurred on May 13, 2014. The unauthorized access exposed approximately 50,000 drivers across multiple states, according Uber it is a small percentage of current and former Uber driver partners.
According to Tassi, Uber has not received any reports of actual misuse of any information as a result of this incident, anyway the company is notifying impacted partner drivers.
Uber said it would provide a one year of free credit monitoring service through Experian.
Additionally, Tassi said the company has filed what is referred to as a “John Doe” lawsuit in order to help gather information that may help identity the malicious actor(s).

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Uber data breach, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.