As many as 50,000 Uber drivers may have had some of their personal information compromised after a data breach last year, Uber announced on its blog on Friday.
Katherine Tassi, Uber’s managing counsel of data privacy, said an “unauthorised third party” accessed one of Uber’s driver databases on May 13, 2014. Uber discovered the breach four months later on September 17.
Tassi says Uber swiftly repaired the vulnerability in the database, which contained the names and driver’s licence numbers of 50,000 current and former Uber drivers, across multiple states.
On Friday, the company started alerting the drivers that were impacted by the breach, though Tassi says Uber and its drivers haven’t received or noticed any abuses of the leaked information.
Uber is urging drivers to monitor their credit reports in the wake of the incident.
The company also notified California’s attorney general and has filed a “John Doe” lawsuit so Uber may learn the identity of the person or persons that got into the database.
Uber is no stranger to privacy concerns. Earlier this month, it was discovered that part of Uber’s lost and found database was accidentally made public, Motherboard reported. As a result, both the names of customers and drivers, as well as customers’ phone numbers, route information and ride identification information were all exposed and unintentionally made public.
A few months ago, Uber announced the company would be adding law firm Hogan Lovells to its privacy team. Data privacy expert Harriet Pearson — and Pearson’s colleagues at Hogan Lovells — were to review and assess Uber’s data privacy program.
The law firm completed its comprehensive review of Uber’s privacy policies in January.
“The review was comprehensive and found that overall our Privacy Program is strong,” an Uber blog post revealing the findings reads. “While Uber is encouraged by these findings, we fully acknowledge that we haven’t always gotten it right.”