Uber says 2016 data breach affects 57 million riders, drivers

Wednesday, November 22, 2017
FILE - In this Wednesday, March 15, 2017, file photo, an Uber car drives through LaGuardia Airport in New York.
Seth Wenig, File-AP

CHICAGO (WLS) -- Uber confirmed Tuesday that a 2016 data breach has compromised information from 57 million riders and drivers around the world.

A statement that CEO Dara Khosrowshahi wrote on the company's website said two individuals outside the company accessed user data stored on a third-party cloud-based server in late 2016. Khosrowshahi said the hackers did not breach corporate systems or infrastructure.

The company said the information taken included the names and driver's license numbers of 600,000 drivers in the U.S., and personal information of 57 million Uber users worldwide, including the aforementioned drivers. That information included names, email addresses and mobile phone numbers, the company said.

Khosrowshahi wrote that forensic experts said there is no indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.

Uber said it waited nearly a year to inform the public of the breach as it investigated the incident. The company said it is notifying the drivers whose license numbers were downloaded and providing them with free credit monitoring and identity theft protection. It has also notified regulatory authorities and is monitoring affected accounts and providing additional fraud protection.

"As Uber's CEO, it's my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of," wrote Khosrowshahi. "For that to happen, we have to be honest and transparent as we work to repair our past mistakes."

This is not Uber's first data breach. In 2014, data from 50,000 Uber drivers were compromised in another hack.

The revelation marks the latest stain on Uber's reputation.

The San Francisco company ousted Travis Kalanick as CEO in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.

It's also the latest major breach involving a prominent company that didn't notify the people who could potentially be harmed until months or even years after the break-in occurred.

Yahoo didn't make its first disclosure about hacks that hit 3 billion user accounts during 2013 and 2014 until September 2016. Credit reporting service Equifax waited several months before revealing this past September that hackers had carted off the Social Security numbers of 145 million Americans.

The Associated Press contributed to this report.