Uber says 2016 hack affected 2.7 million UK customers and drivers
As Uber prepares to defend itself following news that it suffered — and subsequently hid — a massive data breach in 2016, the company has begun shedding light on how many people it affected locally. At first count, 57 million global users were implicated in the attack, but the ride-hailing service today revealed that as many as 2.7 million UK customers and drivers had their names, email addresses and mobile phone numbers stolen.
Uber says the number is an approximation rather than an exact count, due to the fact that some users might disclose a location that is different to where they actually reside. Uber currently has over 5 million riders and 50,000 drivers in the UK, although figures would have been lower a year ago.
It also believes that trip location histories, credit card numbers, bank account numbers and dates of birth were not included in the breach, at least according to third-party forensics experts hired by the company.
Last week, the UK’s Information Commissioner’s Office (ICO) opened an investigation into the October 2016 hack, noting that it had “huge concerns” about Uber’s data practices and its decision not to disclose it. Uber kept details of the breach secret for about a year — although its new CEO knew two months before news went public — choosing instead to pay the hackers $100,000 to delete the information.
In a statement, Uber said that affected customers won’t need to take any further action. “We have seen no evidence of fraud or misuse tied to the incident,” it added. “We are monitoring the affected accounts and have flagged them for additional fraud protection.”