CRAPSICAB COMPANY Uber has admitted that as many as 2.7 million UK customers and drivers were affected by the 2016 mega-hack on the company.
In a statement released on Tuesday, the firm said that hackers made off with names, email addresses, and phone numbers of those affected in October 2016, adding that location history, credit card numbers and dates of birth were not obtained in the massive data breach.
“In the United Kingdom this involved approximately 2.7 million riders and drivers,” Uber wrote in a blog post on Wednesday.
“This is an approximation rather than an accurate and definitive count because sometimes the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives.”
Uber says riders do not need to take action and they had seen no evidence of fraud or misuse tied to the incident but has warned customers to keep an eye on their accounts for suspicious activity.
“We are monitoring the affected accounts and have flagged them for additional fraud protection,” the company said.
“Uber users who notice anything suspicious can contact Uber’s Help Centre by tapping ‘Help’ in the app, then ‘Account and Payment Options’ > ‘I have an unknown charge’ > ‘I think my account has been hacked’.
Earlier this month it was revealed that the hack on Uber, which affected 50 million riders and seven million drivers worldwide, was hidden under the leadership of now-ousted CEO Travis Kalanick, who reportedly paid hackers $100,000 to delete the data they collected.
Unsurprisingly, the UK Information Commissioner’s Office has confirmed that it’s investigating the breach.
In a statement given to the INQUIRER, the ICO said: “It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
“We’ll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.
“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.” µ
Source : Inquirer