Skip to main content

The Uber data breach: What you need to know

Personal information of 57 million Uber users was accessed.
  • Author:
  • Updated:
    Original:

What's happened?

The new CEO of Uber, Dara Khosrowshahi, revealed on Tuesday evening that the ride-sharing giant had been the victim of a data breach in 2016.

Two hackers were able to break into a company providing cloud-based storage for Uber, stealing personal information of 57 million Uber users around the world.

What was taken? 

Uber says the 57 million people affected had information including their names, email addresses and cellphone numbers compromised.

A further 600,000 Uber drivers in the United States had their names and driver's license numbers stolen. 

Uber says there's no indication the breach compromised any trip location history, bank or credit card numbers, Social Security numbers, or dates of birth of riders.

But wait, it gets worse

At the time of the incident, Uber said it took steps to secure the data and shut down further access, identifying the people responsible and "obtained assurances that the downloaded data had been destroyed."

By "obtained assurances," Bloomberg reports this means Uber paid these hackers $100,000 not only to delete the data, but also to keep the hack secret for the past year.

Two staff members, including its chief security officer, has been fired for keeping the hack under wraps.

How will I know if I'm affected?

Although Uber said it believes the information was never used, it is still offering free credit monitoring to the 600,000 people whose driver's licenses were compromised, which could put them at greater risk of identity theft.

These people can expect to be contacted by Uber informing them their information was compromised in later weeks. They can find more information hereabout what to do next.

As for the 57 million riders whose data was accessed, Uber says it has "seen no evidence of fraud or misuse tied to the incident." 

It says it's monitoring their accounts and "flagged them for additional fraud" protection but right now riders are advised to monitor their credit, banking and Uber accounts for any suspicious activity.

Wider context

Uber's breach was smaller in terms of size and the sensitivity of stolen information compared to two of the biggest breaches revealed this year, of Yahoo and Equifax

However, the New York Times reports the cover-up shows "the extent to which Uber executives were willing to go" to protect the company's reputation at a time where it's been under the microscope for its data privacy practices.

As well as paying the $100,000 "ransom" to the hackers, they even went as far as making them sign nondisclosure agreements to keep it secret, the newspaper notes.

Amid the aforementioned data privacy concerns, it will be quite the road back for Uber to regain the trust of its riders and drivers, something Khosrowshahi acknowledges in his statement.

Next Up

ITT Tech

Student loans cancelled for 1,380 Minnesota ITT Tech students

President Joe Biden moved to cancel the federal debt this week.

Screen Shot 2022-08-19 at 2.17.19 PM

Twine kills 2 young ospreys in Long Lake, Minnesota

One bird was found hanging by its leg from the nest.

Mindy Kiepe

5 Great Danes kill owner on northwest Iowa farm

The dogs were euthanized after the incident.

Becker Public Schools

School district sued by teachers' union over staff 'gag order'

The district has faced heightened scrutiny for months now.

Andrew Luger, former U.S. Attorney of Minnesota

After dozens of arrests, concern over rising 'militaristic' weapons on MN streets

The U.S. Attorney provided an update on the violent crime strategy in collaboration with federal and local law enforcement agencies.

Screen Shot 2022-08-19 at 1.31.41 PM

Outrage after ‘vote with bullets’ remarks from GOP Senate candidate

The candidate's comments were recently brought to light in a video recording.

State Patrol

2 killed after driver crosses center line near Silver Lake

A toddler in the vehicle survived the crash.

Screen Shot 2022-08-10 at 4.12.14 PM

The answer to winter woes: St. Paul's upcoming Palm Springs-style supper club

Take a first look at inside the menu at The Apostle Supper Club.

Muhammad Masood

Guilty plea: Ex-Mayo Clinic researcher tried to fly to Syria and fight for ISIS

Muhammad Masood, 30, pleaded guilty to attempting to provide material support to a designated foreign terrorist organization in U.S. District Court Tuesday.

Related

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

First Delta, now Best Buy caught up in data breach

The Richfield company confirmed its customers are affected by the hack.

Payment information accessed in Delta data breach

Delta says a 3rd party company was breached in the fall.

Uber will stop tracking you after you've been dropped off

The ride-sharing service had a change of heart about the controversial feature.

Data breach at DoorDash compromises nearly 5 million accounts

The food delivery service says some users should reset their passwords.

minneapolis parking meter

Minneapolis parking app experienced data breach in March

No credit card information was accessed in the breach.

Data breach at MN health provider may have left 50,000 patients exposed

Alomere Health in Alexandria informed patients last week.