Have You Been Affected by This Massive Data Breach?


Published March 13, 2018 at 6:08 pm


A popular company is following up with customers in the wake of a major data breach that allowed unauthorized individuals to access client information.

And even though the breach itself wasn’t recent, the company is still monitoring a number of affected accounts. 

“As you may know, we encountered a data security incident in 2016,” Uber wrote in a recent newsletter to customers, before adding that there is currently no evidence that the illegally-accessed information has been misused.

“We take this matter seriously and have worked with external forensic experts to understand the impact. We’ve seen no evidence of fraud or misuse tied to the incident, but we wanted to make sure you’re aware of it and have the facts because it included your [the customer’s] information.”

The incident was first addressed last year when Uber CEO Dara Khosrowshahi told users that the company was working to rebuild trust.

Prior to the statement, the company faced backlash over the extensive delay in informing users that their information had been illegally accessed.

“As Uber’s CEO, it’s my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of. For that to happen, we have to be honest and transparent as we work to repair our past mistakes,” he said in a statement.

As for what happened, Uber says that in November 2016, the popular ridesharing company became aware that two individuals outside Uber had accessed certain user data stored with a third-party service.

“To the best of our knowledge, the unauthorized access began on October 13, 2016 and ended no later than November 15, 2016,” Uber says.

Customers were not made aware of the incident until 2017. 

The ridesharing company says the breach resulted in unauthorized people obtaining some personal information of 57 million Uber users around the world.

Driver data was also accessed.  

Uber says the files that were accessed contained user information that the company used to operate its services. For nearly all users, this included the name, email address, and mobile phone number used on the affected account before 2016.

Uber said its forensics experts have seen no indication that trip location history, dates of birth, or payment information were accessed or downloaded.

“In some cases, the information also included information collected from or created about users by Uber, such as: Uber internal user IDs (UUID); certain one-time locational information, such as the latitude and longitude of the location where you first signed up for Uber; user “tokens”; user ratings and scores; short notes by Uber personnel; passwords protected through a technical process called “hashing and salting”; and drivers’ payment statements,” Uber wrote.

The company says it has worked to secure the data and increase security measures in the wake of the incident.

“Please be assured when the incident occurred, we took immediate steps to secure the data, shut down further unauthorized access, and strengthen our data security. We do not believe that you need to take any action as a result of this incident.”

That said, Uber has still flagged some accounts for additional fraud protection and is “continuing to monitor all accounts impacted.”

“We apologize for this incident. We pride ourselves on representing the best interests of rider and driver communities across Canada, and are committed to maintaining the integrity and security of your personal information.”

Anyone with concerns about the safety of their personal information should contact Uber for more information.

INsauga's Editorial Standards and Policies advertising