Uber announced Friday that it suffered a breach to an internal database in 2014 that exposed data on about 50,000 drivers. In a blog post, the car service company said the unauthorized access occurred on May 13, but was not discovered until Sept. 17. A subsequent investigation showed that the breach exposed the names and driver’s license numbers of some 50,000 drivers, which Uber described as “a small percentage of current and former Uber driver partners.” No customer data, usernames or passwords were accessed. When contacted by NBC News, Uber declined to comment on why the breach was only disclosed Friday, or whether drivers were notified earlier.
The company is providing a year of identity theft protection to those affected. To date, there have been no reports of fraudulent use of the data, Uber said. The company has also filed a “John Doe” lawsuit, which will allow it to investigate further and collect evidence on the as-yet-unknown perpetrator.
Uber has been the target of criticism over what some critics see as a cavalier attitude toward security and privacy — its infamous “God View” tool allowed employees to view customers’ personal data, and a number of smaller incidents have exposed internal documents and tools. The company pledged in January to improve in this area after commissioning an audit of its privacy and data security practices.a