Uber just announced a data breach of 57 million people ... that took place in 2016



Myles Ma

Myles Ma

Senior Reporter

Myles Ma is a senior reporter at Policygenius, where he covers personal finance and insurance and writes the Easy Money newsletter. His expertise has been featured in The Washington Post, PBS, CNBC, CBS News, USA Today, HuffPost, Salon, Inc. Magazine, MarketWatch, and elsewhere.

Published November 21, 2017 | 2 min read

Policygenius content follows strict guidelines for editorial accuracy and integrity. Learn about our editorial standards and how we make money.

News article image

Hackers stole the personal information of 57 million Uber users and drivers in late 2016, a breach the company only revealed Tuesday. Dara Khosrowshahi, CEO of the company, said in a statement he only recently became aware of the incident. The hackers accessed the personal information — including names, email addresses and mobile phone numbers — of riders and the names and driver's license numbers of about 600,000 drivers.

They got to the data through a third-party cloud service Uber uses, Khosrowshahi said. The hackers did not access trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth, according to forensic experts hired by the company.

Uber identified the hackers and paid them $100,000 to delete the data and not tell anyone about the breach, Bloomberg reported. The company fired Joe Sullivan, chief security officer and one of his deputies for concealing the breach, the report said. Uber referred to Khosrowshahi's statement when asked for comment.

The company has taken measures to improve security on its cloud-based storage accounts, Khorsrowshahi said. He also called for an investigation into why the breach was hidden. Uber has hired Matt Olson, a former general counsel for the National Security Agency, to advise him on security.

What happens now?

Uber is individually notifying drivers whose driver's license numbers were downloaded and giving them free credit monitoring and identity theft protection. The company is monitoring all the affected accounts and flagging them for additional fraud protection, though it says there has been no evidence of fraud resulting from the hack. Uber has posted additional information for riders and drivers on its website.

"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," Khorsrowshahi said.

How to avoid identity theft

It's been a bad few months for identity theft. Hackers accessed the personal information, including Social Security numbers, of 143 million people thanks to a breach at Equifax.

But there are steps people can take to avoid becoming a victim. The first is a credit freeze, which can stop thieves from taking out loans and credit cards using your information. Identity theft insurance may also be a good idea.

You should also keep a close eye on your credit report for inaccurate or unfamiliar information. New credit accounts or applications are a sign that something is wrong. You can check your credit reports free every 12 months at AnnualCreditReport.com.

On the same note, watch your credit score. If it suddenly drops, that is also a sign something's fishy. There are plenty of sites that allow you to check your credit score for free.

Check our big Equifax hack guide for a bunch of other ways to tell if someone stole your identity.

Image: martin-dm