Uber is revealing a one-time breach of a database that contained tens of thousands of current and former Uber drivers’ names and drivers’ license numbers. And it’s recommending those drivers “monitor their credit reports for fraudulent transactions or accounts.”
Katherine Tassi, Uber’s managing counsel of data privacy, issued a statement this afternoon that last September, the ride-sharing company suspected unauthorized access to one of its databases. Upon investigation, it found, “a one-time unauthorized access to an Uber database by a third party had occurred on May 13, 2014.”
While Tassi says Uber has since changed the access protocols for the database, “the unauthorized access impacted approximately 50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners.”
Uber says it’s in the process of notifying affected drivers, but that it has not received any reports of misuse of information as a result of the incident. Uber also will pay for one year of credit report monitoring.
As to the prepretator, Uber will say only that, “today we filed a lawsuit that will enable us to gather information to help identify and prosecute this unauthorized third party.”