Updated:
Original:

The Uber data breach: What you need to know

Personal information of 57 million Uber users was accessed.
Author:

What's happened?

The new CEO of Uber, Dara Khosrowshahi, revealed on Tuesday evening that the ride-sharing giant had been the victim of a data breach in 2016.

Two hackers were able to break into a company providing cloud-based storage for Uber, stealing personal information of 57 million Uber users around the world.

What was taken? 

Uber says the 57 million people affected had information including their names, email addresses and cellphone numbers compromised.

A further 600,000 Uber drivers in the United States had their names and driver's license numbers stolen. 

Uber says there's no indication the breach compromised any trip location history, bank or credit card numbers, Social Security numbers, or dates of birth of riders.

But wait, it gets worse

At the time of the incident, Uber said it took steps to secure the data and shut down further access, identifying the people responsible and "obtained assurances that the downloaded data had been destroyed."

By "obtained assurances," Bloomberg reports this means Uber paid these hackers $100,000 not only to delete the data, but also to keep the hack secret for the past year.

Two staff members, including its chief security officer, has been fired for keeping the hack under wraps.

How will I know if I'm affected?

Although Uber said it believes the information was never used, it is still offering free credit monitoring to the 600,000 people whose driver's licenses were compromised, which could put them at greater risk of identity theft.

These people can expect to be contacted by Uber informing them their information was compromised in later weeks. They can find more information hereabout what to do next.

As for the 57 million riders whose data was accessed, Uber says it has "seen no evidence of fraud or misuse tied to the incident." 

It says it's monitoring their accounts and "flagged them for additional fraud" protection but right now riders are advised to monitor their credit, banking and Uber accounts for any suspicious activity.

Wider context

Uber's breach was smaller in terms of size and the sensitivity of stolen information compared to two of the biggest breaches revealed this year, of Yahoo and Equifax

However, the New York Times reports the cover-up shows "the extent to which Uber executives were willing to go" to protect the company's reputation at a time where it's been under the microscope for its data privacy practices.

As well as paying the $100,000 "ransom" to the hackers, they even went as far as making them sign nondisclosure agreements to keep it secret, the newspaper notes.

Amid the aforementioned data privacy concerns, it will be quite the road back for Uber to regain the trust of its riders and drivers, something Khosrowshahi acknowledges in his statement.

Next Up

covid-19

Weekly COVID case rate rises in 73 counties

The highest case rates remain in greater Minnesota.

midwest rail

Twin Cities plays key role in new Midwest rail plan

The 40-year plan would mean 24 trips daily between the Twin Cities and Chicago.

bemidji minnesota

Would you move to Bemidji for $2,500? More than 20 have so far.

The city is running a program that will pay people $2,500 to relocate there.

minnesota zoo gladys owl 2 CROP

Escaped owl Gladys dies after being found injured

The Eurasian eagle-owl flew off from Minnesota Zoo staffers on Oct. 1.

Best Buy - jjbers, Flickr

Best Buy brings back early Black Friday deals

A 4-day sale featuring "hundreds" of Black Friday offers starts next week.

Gary Paulsen - YouTube screengrab

'Hatchet' author, Minnesota native Gary Paulsen dies

His final novel will be published early next year.

UnitedHealth Group

UnitedHealth Group posts quarterly profits of $4.1 billion

The Minnetonka-based health insurance giant is Minnesota's most valuable company.

Minnesota DNR via the Science Museum of Minnesota

Invasive algae called 'rock-snot' discovered in several NE Minnesota streams

Scientists are investigating the impact the algae may have on the waterways.

Dalvin Cook

Matthew Coller: Vikings feel really close and really far away

Matthew Coller's work can be found daily at Purple Insider.

Driving car wheel

More than 1,800 seat belt violations in 2 week crackdown 'baffles' police

The campaign ran from Sep. 19 to Sep. 30 and resulted in 1,805 seat belt citations.

Related

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

First Delta, now Best Buy caught up in data breach

The Richfield company confirmed its customers are affected by the hack.

Payment information accessed in Delta data breach

Delta says a 3rd party company was breached in the fall.

Data breach at DoorDash compromises nearly 5 million accounts

The food delivery service says some users should reset their passwords.

Uber will stop tracking you after you've been dropped off

The ride-sharing service had a change of heart about the controversial feature.

minneapolis parking meter

Minneapolis parking app experienced data breach in March

No credit card information was accessed in the breach.

Data breach at MN health provider may have left 50,000 patients exposed

Alomere Health in Alexandria informed patients last week.