Uber security breach may have affected up to 50,000 drivers (updated)

Tracey Lien reports:

Thousands of Uber driver names and driver’s license numbers may be in the hands of an unauthorized third party due to a data breach that occurred last year, the ride-hailing company announced today.

In a statement, Uber’s managing counsel of data privacy Katherine Tassi said the company discovered on Sept. 17, 2014, that one of its many databases could have potentially been accessed because one of the keys required to unlock it had been compromised. Upon further investigation, it found the database had been accessed once by an unauthorized third party on May 13, 2014.

[…]

The database contained only the names and driver’s license numbers of approximately 50,000 former and current Uber drivers from various states. Of the affected drivers, about 21,000 are based in California.

Uber started reaching out to current and former drivers Friday, and is also notifying California’s attorney general of the breach.

Read more on Los Angeles Times.

And why did it take so long to disclose this??

Update: A copy of their notification letter has been uploaded to the California Attorney General’s web site.

About the author: Dissent