Data Breaches

Share Article
04 February, 2021
3 Minutes

Uber Data Breach Affects 57 Million Rider and Driver Accounts


Steve Symanovich

Staff writer

+ More
A man using his phone to hail a rideshare, highlighting the potential risks of using online services like Uber after a data breach.

Uber Technologies, Inc. disclosed that hackers stole the personal information of some 57 million customers and drivers from the ride-sharing company, according to a report by Bloomberg News. The news outlet also reported that, for more than a year, Uber concealed news of the data breach, which was discovered in late 2016.

In a statement on its website and attributed to CEO Dara Khosrowshahi, the company said the information included:

  • The names and driver’s license numbers of around 600,000 drivers in the United States.
  • Some personal information of 57 million Uber riders and drivers around the world. This information included names, email addresses and mobile phone numbers.

Uber rider or driver? Here’s what you need to know:

For Uber riders, the company says it doesn’t believe individuals need to take action. “We have seen no evidence of fraud or misuse tied to the incident,” its statement to riders said. “We are monitoring the affected accounts and have flagged them for additional fraud protection.”

That said, it is possible for identity thieves to launch phishing attacks, appearing to come from Uber, hoping to trick customers into providing personal information, such as account credentials or payment card information. It’s always important to check the actual email address to ensure a message is from the company or person it appears to be from. Also, don’t click on an emailed link or attachment without verifying the email’s authenticity.Uber says it’s notifying its drivers whose driver’s license numbers were accessed and are providing them with free credit monitoring and identity theft protection services. It’s providing additional information for Uber drivers on its website.

How the Uber breach happened

Uber said two people who didn’t work for the company accessed the data on a third-party cloud-based service that Uber uses. The company also said that outside forensics experts have not seen evidence that the hackers accessed other types of information. Un-accessed information includes:

  • Trip location histories
  • Credit card numbers
  • Bank account numbers
  • Social Security numbers
  • Dates of birth

Bloomberg News reports that company executives originally paid the hackers $100,000 to delete the data and keep news of the data breach quiet. In its statement, Uber said that two individuals who led the original response to the incident are no longer with the company, effective Nov. 21, 2017, the date the company went public with news of the breach.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Beware of Equifax Breach Scams
If someone claiming to be with Equifax calls you wanting to verify your account information, the caller is likely a scammer. Learn what to do if this happens.
Read More
Chipotle Data Breach: What You Need to Know
The cybersecurity attack that hit Chipotle restaurants recently is a reminder that you could be at risk anytime you pay with a credit or debit card.
Read More
Yahoo Announces 500 Million Users Impacted by Data Breach
Yahoo confirmed that at least 500 million user accounts have been exposed in a date breach.
Read More
Data leak exposes millions of bank loan and mortgage documents
Data leak exposes millions of bank loan and mortgage documents. Here’s what you need to know.
Read More

Start your protection,
enroll in minutes.

Get discounts, info, protection tips, and more

Sign up for promotional emails