Uber made a statement on Friday saying that a security breach last year may have disclosed the names and license plate numbers of about 50,000 Uber drivers.
The company said that last September it had “identified a one-time access of an Uber database by an unauthorized third party.”
A subsequent investigation revealed that an authorized third party had accessed one of its databases in May 2014.
Katherine Tassi, Uber’s Managing Counsel of Data Privacy, posted a statement on the Uber website.
She said:
“Our investigation determined the unauthorized access impacted approximately 50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners.:
“Immediately upon discovery we changed the access protocols for the database, removing the possibility of unauthorized access. We are notifying impacted drivers, but we have not received any reports of actual misuse of information as a result of this incident.”
Uber will offer a free one-year membership of Experian’s ProtectMyID Alert (an identity theft protection service) to drivers affected by the security breach. Identity theft is growing problem globally.
She added:
“To date, we have not received any reports of actual misuse of any information as a result of this incident, but we are notifying impacted drivers and recommend these individuals monitor their credit reports for fraudulent transactions or accounts.”
Uber also filed a lawsuit in a federal court in San Francisco on Friday to identify the person responsible for the security breach.
“We have also filed what is referred to as a “John Doe” lawsuit so that we are able to gather information that may lead to confirmation of the identity of the third party.”