This is the third time in six
months that Uber has been the victim of a data breach.
Uber has found itself in
the middle of yet another data breach, this time as a result of private driver
data being stolen from a third-party law firm.
Genova Burns, a mid-sized
law firm based in New Jersey, has written to the affected Uber drivers that
confidential information belonging to them, such as their social security and
tax identification numbers, have been stolen in a data breach of its IT
systems.
The firm first became
aware of this breach on 31 January, according to a letter to the
affected drivers.
Genova immediately hired a
forensic team to investigate the data breach, informed authorities and promised
to improve their security measures to prevent future hacks.
While Uber has not
revealed the number of drivers affected, it told The Register in a
statement that the breached data included private information on Uber drivers
who had completed trips in New Jersey.
“These drivers have been
notified that their social security number and/or tax identification number
have been potentially impacted and offered complimentary credit monitoring and
identity protection services,” Uber wrote.
“Genova Burns indicates
that they are not aware of any actual or attempted misuse of the information,
and confirmed that they are taking additional steps to improve security and
better protect against similar incidents in the future.”
This is the third time in
six months that Uber has been the victim of a data breach.
In December, details of
more than 77,000 Uber employees were leaked
online after a cyberattack targeted Teqtivity, used by Uber for
IT asset management services. The leaked data reportedly included
corporate information such as source code and IT asset management reports.
Uber suffered another “cybersecurity incident” in September that
forced it to shut down many of its internal tools, communications and
engineering systems. The ride-hailing company claimed at the time that the
attacker was affiliated with the Lapsus$ group.
