Uber Tells 21,000 California Drivers Their Info Was Hacked—Nine Months Ago

Monday, March 02, 2015
(photo: Andrew Harrer, Bloomberg)

Uber picks up passengers considerably faster than it reveals that the personal information of its drivers has been compromised.

The San Francisco-based ride-sharing company disclosed on Saturday that a third party hacked from its database the names and driver’s license numbers of 50,000 current and former drivers, 21,000 from California.

Uber said the breach occurred in May 2014, it discovered the hack in September and has now begun alerting folks that they have been in harm’s way for nine months. The company offered the standard one-year of free membership in Experian’s® ProtectMyID® Alert to secure their accounts and assuage their fears.

“To date, we have not received any reports of actual misuse of any information as a result of this incident,” the company wrote in a blog post on its website. Then again, they were only now “notifying impacted drivers” with recommendations that they “monitor their credit reports for fraudulent transactions or accounts.”

Slate noted that “the company seems to hope its blog post on the matter will disappear from Internet memory. The URL is impressively unsearchable.”

Two months ago, Uber posted a blog item about how much it valued the importance of protecting the personal data and privacy of customers. It is “foundational to the trust between Uber and our riders.” The company hired the global law firm Hogan Lovells “to thoroughly examine how we safeguard rider data.”

That trust was dented just months before when it became known that Uber employed a tool it called “God View” to track Uber cars and customer history. BuzzFeed reporter Johana Bhuiyan wrote that Uber New York general manager Josh Mohrer greeted her unexpectedly outside his headquarters, held up his iPhone and said, “I was tracking you.” He also cited her tracking data during an interview to make a point.

Around that time, Uber Senior Vice President Emil Michael mused at a high-powered New York dinner party about spending $1 million to gather dirt on the company’s critics. 

Uber did not identify any suspects in the hacking, but filed a John Doe lawsuit in San Francisco federal court to gather information that could “lead to the confirmation of the identity of the third party.”

–Ken Broder


To Learn More:

Uber Database Breach Exposed Information of 50,000 Drivers, Company Confirms (by Colleen Taylor, Tech Crunch)

Uber Driver Database Breached by Someone Outside Company (by Mike Isaac, New York Times)     

50,000 Drivers Could Be Affected In Uber Data Hack (by Marlize van Romburgh, San Francisco Business Times)

Uber Security Breach May Have Affected Up to 50,000 Drivers (by Tracey Lien, Los Angeles Times)

Leave a comment