2016 Uber data breach affected more than 57 million customers

By Christie Zizo, Digital Media Producer
Last Updated: Tuesday, November 21, 2017

Ride-sharing company Uber admitted to a year-old hacking incident where the personal information of more than 57 million customers and drivers was stolen.

Uber CEO Dara Khosrowshahi revealed details about the late 2016 hack in a blog post on the Uber site Tuesday -- the first affected customers had heard about the hack in the year since it happened.

Uber says:

  • The names and driver's license numbers of around 600,000 drivers in the United States were stolen
  • Some personal information for some 57 million Uber users around the world were stolen
  • This info may include names, email addresses and mobile phone numbers

Khosrowshahi said that forensic experts did not see any proof that credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded. 

When the company discovered the incident, Khosrowshahi said, "we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."

However, none of this information was disclosed before now, including to regulators.

Khosrowshahi said two of the people who handled the hacking incident are no longer working for Uber. The company is also working to notify drivers whose license numbers were downloaded and provide them with free credit monitoring and identity theft protection. They are also notifying regulatory authorities.

The company does not believe individual riders have to do anything. Uber is monitoring affected accounts and flagging them for additional fraud protection. But they say users should monitor their credit and accounts, including the Uber account, if their are issues.

Information from the Associated Press was used in this report.