Uber says it got hacked — over nine months ago
Uber got hacked — and took a full five months to tell anyone about it.
The ride-hailing app said Friday that a security breach last spring may have disclosed the names and driver’s license numbers of as many as 50,000 of its drivers across multiple states.
Uber discovered on Sept. 17, 2014 that one of its databases had been accessed more than four months earlier by an “unauthorized third party,” the company said in a statement.
Asked why Uber waited until late February to disclose the breach, an Uber spokesman told The Post, “We were conducting an investigation,” and declined to elaborate.
“To date, we have not received any reports of actual misuse of any information as a result of this incident, but we are notifying impacted drivers and recommend these individuals monitor their credit reports for fraudulent transactions or accounts,” Uber exec Katherine Tassi said in a post on Uber’s blog.
Uber said it has filed a so-called “John Doe” lawsuit in federal court in San Francisco to gather information as it seeks to identify the hackers. In the meantime, it will provide affected drivers a free one-year membership to an identity-theft protection service from Experian.
Recently, Uber itself has taken heat over allegations that its execs improperly accessed the data of passengers.
Last fall, it emerged that Uber execs sometimes used an internal tool called “God View” to track specific customer rides. That provoked an outcry from critics including Sen. Al Franken (D-Minn.) who demanded details on Uber’s privacy procedures.