What Happened?

Uber Technologies, Inc. recently confirmed a global data breach that exposed 57 million of its customers and drivers.

Of the 57 million affected, 50 million were customers and 7 million were drivers. Of the 7 million drivers affected, 600,000 were from the U.S. Names, email addresses, phone numbers and driver’s license numbers were exposed.

According to Bloomberg News, the breach initially occurred in October 2016. Cybercriminals first hacked a private coding site used by Uber software developers. From there, hackers used the credentials obtained from that site to access the company’s internal databases and files.

Uber Paid Hackers $100,000 to Keep Quiet

The hackers then reached out to the company to request ransom money. Instead of reporting the data breach, however, Uber reportedly paid the hackers $100,000 to delete the data and keep the breach concealed.

Of course, this chain of events has sparked controversy surrounding data privacy regulations and the way in which companies report data breaches. Further investigation found that the company was recently fined $20,000 in January 2016 due to another data breach from 2014 that was not properly reported. Additionally, Uber has also recently been involved in other data privacy-related violations.

New Uber CEO Remains Hopeful

However, Uber’s new chief executive officer Dara Khosrowshahi has high hopes for the company moving forward. Since his on-boarding in September, Khosrowshahi has focused on “changing the way we do business.”

Additionally, Khosrowshahi commented that while the incident was not properly reported when it first occurred, Uber still took immediate action to secure the compromised information and ensure that no further damage was done.

What Should You Do?

If you think you’ve been affected by this data breach, take the following steps to secure your potentially exposed information:

  • Phone Number: Visit https://www.donotcall.gov/ to add your phone number to the Do Not Call registry. This can help decrease the number of scam calls you may receive, meant to target breach victims for more sensitive information.
  • Email Address: Update your email account passwords immediately, even ones that may not have been affected. Hackers took advantage of login credentials from another site to gain access to the company’s internal systems. Avoid password reuse to limit a hacker’s access to your other accounts.
  • Driver’s License Number: Request your credit reports from the three major credit bureaus and look for suspicious activity or new accounts opened in your name. While Social Security numbers and financial information were not exposed, hackers can use your driver’s license number to obtain more sensitive information to access your bank accounts, credit lines and other sensitive documents.

Internet Monitoring

When your information (name, address, phone number, email address, driver’s license number) is exposed in a breach, it is often then sold by criminals online. Internet Monitoring will alert you if your information is found being traded on the Dark Web — allowing you to address it before more substantial damage is done.