Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Uber has internal data stolen in yet another cyberattack

Close up of UBER sign at their headquarters in San Francisco's SOMA district

A recent supply chain attack has resulted in sensitive data belonging to Uber drivers being stolen once again. 

The Register picked up on a breach notification sent to affected drivers by the law firm Genova Burns which said that in late January 2023 it “became aware” of suspicious activity in its internal information systems. 

After bringing in outside forensic and data security specialists, the company determined that an “unauthorized third party” (no groups or individuals were named) accessed its systems between January 23 and 31, 2023. During that time, the threat actor stole data including Uber drivers’ names, Social Security Numbers, and in some cases, Tax Identification numbers.

Securing the environment

The way the notification was formulated suggests that this is not all of the data that was taken, but Genova Burns did not discuss it further.

What it did discuss are its moves going forward, including the usual 12 months of free identity monitoring services, this time through Kroll. It also said it “secured the environment” by changing all system passwords, and notifying the police. 

“We will be taking additional steps to improve security and better help protect against similar incidents in the future,” Genova Burns added, without detailing which additional steps those are. 

When asked by the publication to comment, Uber sent an email statement, saying the Genova Burns data was related to “certain drivers who had completed trips in New Jersey”. The company also reminded that the law firm found no evidence of the data being used in the wild, or evidence of such an attempt. 

Genova Burns said it held the data due to its legal representation of Uber Technologies.

Uber has suffered its fair share of cybersecurity incidents, including the 2016 data theft fiasco, the 2022 Lapsus$ data theft, and the Teqtivity supply chain attack.

Via: The Register

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.