According to a recent statement by taxi-hailing app Uber, the personal details of 2.7 million UK users have been compromised as the result of a security breach last year.
Back in October 2016, hackers managed to gain access to the personal details of as many as 57 million Uber users worldwide.
However, the breach – which affected both customers and drivers – was swept under the rug by Uber bosses, and remained secret until as recently as late November 2017.
In a shocking twist, it has also been revealed that disgraced Uber CEO Travis Kalanick oversaw a payment of $100,000 to the hackers guilty of committing the breach.
In return, the culprits allegedly deleted the data and cooperated in keeping details about the lapse in security from leaking to the general public.
In a statement released by the Information Commissioner’s Office (ICO) on Wednesday 29 November 2017, officials confirmed that some 2.7 million UK users had been affected, with names, mobile phone numbers and email addresses all involved in the breach.
An ongoing investigation
So just how worried should Uber users be?
“On its own this information is unlikely to pose a direct threat to citizens.
However, its use may make other scams, such as bogus emails or calls appear more credible. People should continue to be vigilant and follow the advice from the NCSC.” – James Dipple-Johnstone: Deputy Commissioner, ICO.
According to the ICO, the investigation is ongoing, and more details about the breach are expected to be released in the future. Meanwhile, they have called upon Uber to make contact with any UK users affected by the incident.
The following day, Alex Neill from UK consumer advice group Which? joined the call for more transparency from Uber – and more action by the government to protect those affected by data breaches.
“Data breaches are becoming more and more common and yet the protections for consumers are lagging behind,” he said.
“The UK government should use the Data Protection Bill to give independent bodies the power to seek collective redress on behalf of affected customers when a company has failed to take sufficient action following a data breach.”
Our advice?
Check if your private contact details have been exposed with the haveibeenpwned online tool, and consider a VPN to protect yourself in the event that – as we now know – you can’t trust companies with your personal data.