News Blog

Uber data hack hit 2.7m UK riders and drivers

A Nissan electric car at launch of the first Uber electric cars in London

By James Sillars, Business Reporter

Uber says the data breach it kept secret for over a year resulted in the personal data of approximately 2.7 million people in the UK being exposed.

The ride-hailing app – already under pressure in this country on employment rights and the future of its operating licence in London – said it could not be sure of the figure because of the way it collects data by country.

It revealed last week that the data of 57 million people worldwide was exposed by hackers in October 2016.

:: Uber loses appeal over employment rights ruling

Taxi drivers claim the law is not being enforced and they are losing out to services such as Uber
Spanish taxi drivers launch strike over Uber

It later emerged the company had effectively paid off the persons responsible in the belief the information – which included names, addresses and mobile phone numbers – would be deleted and not used by the criminals.

Uber also confirmed it had got rid of its security chief who had presided over the incident.

A man poses holding a smartphone showing the app for ride-sharing cab service Uber in London
Uber is fighting to keep its London operating licence

In its update on Wednesday, the US-based firm again reiterated that it did not believe customers needed to take any action as it had not seen any evidence of the information being used.

Uber added: "Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded."

:: Uber London licence talks 'constructive'

However, its statement failed to give any such assurances about the security of drivers' data though it had earlier said there had been no fraudulent use of their details and they had been offered free credit monitoring as a precaution.

Uber's chief executive said then: "None of this should have happened, and I will not make excuses for it."

SUN VALLEY, ID - JULY 7: Dara Khosrowshahi, chief executive officer of Expedia, Inc., attends the annual Allen & Company Sun Valley Conference, July 7, 2016 in Sun Valley, Idaho. Every July, some of the world's most wealthy and powerful businesspeople from the media, finance, technology and political spheres converge at the Sun Valley Resort for the exclusive weeklong conference. (Photo by Drew Angerer/Getty Images)
Dara Khosrowshahi took over at Uber this summer

Dara Khosrowshahi, who took over from ousted co-founder Travis Kalanick in August, also pledged to launch an inquiry into why it had taken 13 months for the breach to be made public.

UK data officials have spoken of their concern and the incident could potentially land the company in more legal wrangles in the UK.

Firms operating here can currently be fined up to £500,000 for failing to inform people if their data is stolen, which is an offence under the Data Protection Act.

Stiffer penalties are on the way under EU law which the UK is enshrining in domestic law before Brexit.

Offenders could face fines of £17m or 4% of their global turnover under the legislation.

Responding to Uber's update, James Dipple-Johnstone, of the UK Information Commissioner's Office, said he would expect Uber to alert everyone affected "as soon as possible".

The watchdog added it was still awaiting details from Uber on the type of personal data that was compromised.

More stories

  • Previous article Hacking suspect appeals against US extradition
  • Next article UberEats boss is latest UK executive to quit

Source –

Leave a Comment