2016 data breach hit 2.7 million UK users, or most of its base — Uber

November 30, 2017 - 3:40 PM
4716
Uber's logo is pictured at its office in Tokyo, Japan, November 27, 2017. Reuters/Kim Kyung-Hoon

Uber Technologies Inc has informed Britain’s data protection regulator that about 2.7 million user accounts – representing the vast majority of people using the ride-hailing service in the country – were affected by a 2016 data breach.

The breach, which the company disclosed last week involving 57 million users worldwide, saw names, mobile phone numbers and email addresses compromised, the company told UK’s Information Commissioner’s Office (ICO).

ICO said it expects Uber to alert all the affected British users, both Uber drivers and passengers, as soon as possible.

The breach was a further setback to the Silicon Valley company after London’s transport regulator stripped it of its operating licence in September, citing Uber’s approach to reporting serious criminal offences and background checks on drivers.

Uber failed to disclose the massive breach at the time, the company’s new chief executive officer said last week.

Under current British law organisations which fail to disclose data breaches to regulators face a maximum fine of up to 500,000 pounds.

In Britain, Uber drew around 2.85 million users, on average, over the past three months, according to web and mobile app traffic measurement firm SimilarWeb, indicating that most British Uber users were likely caught up in the breach.

Uber said on its website on Wednesday that independent forensics experts had not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded in the breach.

“We do not believe any individual rider needs to take any action,” the company said.

“We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection.”

Uber has been forced to quit several countries, including Denmark and Hungary, and faced regulatory battles in multiple U.S. states and around the world.

It comes after a tumultuous few months for the San Francisco start-up that led to former CEO and co-founder Travis Kalanick being forced out after a series of boardroom controversies.