View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 29, 2017

Uber data breach: 2.7 million UK riders & drivers hit in cover-up

Uber has not yet been able to make clear how many drivers are included in the 2.7 million victims in the United Kingdom.

By Tom Ball

After the recent revelation that Uber sustained a colossal data breach and attempted to hide it, the company has now disclosed that 2.7 million British people were among the 57 million victims.

This UK specific figure is thought to include the personal information of both customers of the service and drivers themselves, but according to the BBC, Uber has not been able to provide details of the number of drivers involved.

The initial attack was carried out in 2016 during the pock-marked tenure of ex-CEO, Travis Kalanick, and most shocking, executives at the company made moves to cover up the breach by offering the hackers money to erase the stolen data.

In an update added to the original post about the incident, Uber shared the UK figure, saying: “In the United Kingdom this involved approximately 2.7m riders and drivers. This is an approximation rather than an accurate and definitive count because sometimes the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives.”

The UK’s Information Commissioner’s Office (ICO) reacted to the UK specific revelation, stating that it is working with the National Cyber Security Centre to support those affected.

Expect machine learning ‘arms race’ & IoT ransomware in 2018, says McAfee


Microsoft Azure location services to drive IoT & smart cities


Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?
HPE makes the clouds align with OneSphere


James Dipple-Johnstone, deputy commissioner, Information Commissioner’s Office, said: “Uber has said the breach involved names, mobile phone numbers and email addresses… On its own this information is unlikely to pose a direct threat to citizens. However, its use may make other scams, such as bogus emails or calls appear more credible. People should continue to be vigilant and follow the advice from the NCSC.”

“As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised… We would expect Uber to alert all those affected in the UK as soon as possible,” Dipple Johnstone said.

While the customer and driver data may not seem critical or valuable, this is not in fact the case and it is amassing in vast quantities to be used in future.

Paul Ducklin, Senior Security Advisor, Sophos, said: “It’s easy to think, when a data breach includes “only” names, addresses and phone numbers, that it’s not of much significance. But any personal data that crooks can collect unlawfully has value on the Dark Web. If the crooks who stole the data don’t abuse it directly, they may very well sell it onto someone else who will.”

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.