Last week, news broke that Uber had suffered a major security breach in 2016, which in all, affected 57 million users. Seven million drivers had their details stolen during the breach, alongside 50 million active Uber users. At the time, the company paid the hackers $100,000 and disguised the breach as a ‘bug bounty' to keep it quiet. Now, after some further digging, it seems that 2.7 million of those affected were Uber customers from the UK.
Uber Technologies informed Britain's data protection regulator, ICO, that 2.7 million UK residents were affected by the breach, which took place in late 2016.
In ICO's report, the regulator said: “Uber has confirmed its data breach in October 2016 affected approximately 2.7million user accounts in the UK. Uber has said the breach involved names, mobile phone numbers and email addresses. On its own this information is unlikely to pose a direct threat to citizens. However, its use may make other scams, such as bogus emails or calls appear more credible. People should continue to be vigilant and follow the advice from the NCSC.”
Currently, ICO is waiting on technical reports for full confirmation on the damage, including exact details on compromised personal information. Uber is expected to begin reaching out to those affected shortly to notify them.
KitGuru Says: Uber handled this situation very poorly. If you use Uber, then keep an eye out for anything that seems fishy, as well as any potential emails from the company, which will confirm if you have been directly affected.