Back in 2016, there was an Uber breach. Hackers stole the personal data of 57 million Uber customers and drivers. But rather than disclosing the incident when they found out, Uber paid the hackers $100,000 to delete the data and keep the incident quiet, as a Bloomberg story recently detailed.
In this blog post, we will discuss the Uber breach, including what happened, what information was stolen and some steps you can take to stay safe.
According to Uber’s new CEO, Dara Khosrowshani, two individuals outside the company “inappropriately accessed user data stored on a third-party cloud-based service that we use.”
The information breached is different for riders vs. drivers:
Riders (57 million from around the world):
- Names, email addresses, mobile phone numbers.
- Names, email addresses, and mobile phone numbers
- Driver’s License numbers
So how do you know if you were affected by the Uber breach?
Drivers will be notified individually.
As it stands, if you’re a rider, you likely won’t know if you were affected. Why?
“We do not believe any individual rider needs to take any action. We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection,” according to the release from Uber.
Uber is encouraging all users to monitor their Uber account and let them know if you see anything unexpected or unusual.
But as this Fortune story points out, “Even ‘mundane’ data breaches can be significant, since the personal information included in most accounts can be used to engineer everything from identity theft to phishing operations.”
That being said, as with the Equifax breach, it’s best to assume you were affected. That means you should:
- Change your Uber password, of course. And if you were using that same password on another site, change those passwords as well. Don’t reuse an old one. Be sure and follow the latest password advice.
- If you’ve paid for a credit monitoring service (we don’t recommend) or are doing it for free yourself, don’t assume that will be enough to keep you safe from identity theft. Credit monitoring doesn’t prevent identity theft, it only alerts you to a possible problem. And many types of identity theft won’t even show up on your credit report, including tax identity theft, criminal identity theft, Social Security identity theft, and medical identity theft.
- Consider freezing your credit. With all of the data breaches that have taken place in the last few years, most security experts agree it’s pretty likely your information has already been compromised. A credit freeze might help keep your identity safe, but it doesn’t cover all forms of identity theft (read more about the limitations here).
- Sign up for a fully managed identity restoration service. While some companies just provide advice on how to fix your identity once it’s been stolen, LibertyID provides fully managed identity restoration. That means if you’re a LibertyID member and your identity is stolen, we will fix it ourselves. Our certified restoration specialists could save you hundreds of hours of work by placing fraud alerts, making all the necessary phone calls, filing the disputes and contacting government agencies, creditors, insurance companies and more.
Think about it — if you suddenly got a bunch of bills in the mail for credit cards that you didn’t open or medical procedures you didn’t receive, who would you call?
LibertyID provides expert, full service, fully managed identity theft restoration to individuals, couples, extended families* and businesses. LibertyID has a 100% success rate in resolving all forms of identity fraud on behalf of our subscribers.
*Extended families – primary individual, their spouse/partner, both sets of parents (including those that have been deceased for up to a year), and all children under the age of 25