What caused the latest Uber data breach?
In April 2023, hackers targeted Uber’s law firm, Genova Burns LLC, which handled sensitive driver information. According to a letter published on April 4, the firm noticed unusual activity in its IT systems in January and immediately hired a forensic security team to investigate. The investigation confirmed that an unauthorized party had accessed the law firm’s systems.
What data was compromised in the most recent Uber data breach?
Hackers accessed sensitive data drivers had given to Uber, including names, Social Security numbers, and Taxpayer Identification Numbers. With this information, scammers can commit identity theft, open fraudulent accounts, and file false tax returns.
This stolen data can also be sold on the dark web, fueling further criminal activities. Neither Genova Burns nor Uber has disclosed how many drivers were affected by the breach.
How did Uber and Genova Burns respond?
In a statement sent to The Register, an Uber spokesperson acknowledged the attack on Genova Burns and confirmed that the company had notified the affected drivers. However, Uber did not respond to The Register’s question about how many drivers had their records stolen, leaving the scope of the breach unclear.
In its letter to affected drivers, Genova Burns indicated that it had investigated the data breach to determine its extent and secured the company’s systems by resetting all passwords. The firm also alerted law enforcement and said it was cooperating with the investigation.
Although Genova Burns promised to implement additional security measures, the letter did not specify what those measures would be. As a precaution, the law firm also offered affected drivers 12 months of complimentary identity monitoring services.
To our knowledge, before the 2023 Uber data breach, the law firm had not been publicly linked to any other security incidents affecting clients. For Uber, however, this wasn’t the first time it faced a data breach. The ride-sharing service has a patchy record when it comes to data management.
Other recent Uber data breach incidents
The April 2023 Uber data leak is just the latest in a string of cybersecurity incidents the company has faced in recent years. Let’s take a closer look at some of the most notable breaches Uber has experienced over the past five years.
December 2022 Uber data breach
In December 2022, Uber experienced a data breach when a hacker group called UberLeaks posted sensitive company information on a hacking forum. BleepingComputer, the first media outlet to report on the breach, initially suspected that the data had been stolen during a previous cyberattack in September. However, Uber clarified that it was linked to a security breach at Teqtivity, a third-party vendor responsible for managing Uber’s IT assets.
BleepingComputer found that the leaked data included email addresses and Windows Active Directory information for over 77,000 Uber employees. Security researchers confirmed that this cyber incident affected only Uber’s internal corporate systems, not its customers. Nevertheless, the exposed data put all affected employees at risk of phishing attacks and other cyber threats (BleepingComputer, 2022).
September 2022 Uber data breach
In September 2022, a hacker compromised an Uber contractor’s account, likely by purchasing the contractor’s password on the dark web after malware infected the contractor’s personal device. The attack relied on social engineering: the hacker repeatedly attempted to log in, and the contractor mistakenly approved a two-factor authentication request.
This approval granted the hacker access to multiple employee accounts, including tools like G-Suite and Slack. The hacker then posted a message on the company-wide Slack channel and changed Uber’s internal settings to display a graphic image. Uber suspects the attacker is linked to the Lapsus$ hacking group, which targeted several tech companies like Microsoft, Cisco, Samsung, Nvidia, and Okta in 2022 (Uber, 2022).
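The pattern described above, a run of repeated login prompts followed by a single mistaken approval, is something a security team can look for in MFA logs. The sketch below is an added example, not code from Uber or from the original article. The log format, the event names (push_denied, push_timeout, push_approved), the sample entries, and the window and threshold values are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (not real data): timestamp, user, prompt result
SAMPLE_EVENTS = """\
2024-01-01T01:00:05Z contractor1 push_denied
2024-01-01T01:01:10Z contractor1 push_denied
2024-01-01T01:02:00Z contractor1 push_timeout
2024-01-01T01:03:30Z contractor1 push_denied
2024-01-01T01:04:45Z contractor1 push_denied
2024-01-01T01:06:00Z contractor1 push_approved
2024-01-01T09:00:00Z employee2 push_timeout
2024-01-01T09:00:40Z employee2 push_approved
2024-01-01T12:00:00Z employee3 push_approved
"""

UNAPPROVED = {"push_denied", "push_timeout"}  # hypothetical event names

def parse(line):
    ts, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result

def find_push_fatigue(log_text, window=timedelta(minutes=10), threshold=4):
    """Return (user, approval_time, unapproved_count) for every approval that
    follows at least `threshold` denied or timed-out prompts within `window`."""
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved prompts
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:  # forget prompts older than the window
            q.popleft()
        if result in UNAPPROVED:
            q.append(ts)
        elif result == "push_approved":
            if len(q) >= threshold:  # approval right after a burst of rejections
                alerts.append((user, ts, len(q)))
            q.clear()  # a successful login starts a fresh count
    return alerts

if __name__ == "__main__":
    for user, ts, count in find_push_fatigue(SAMPLE_EVENTS):
        print(f"{user}: approved at {ts} after {count} unapproved prompts")
```

An alert of this kind is a reason to contact the user and review the session, since a single forgotten prompt followed by an approval (employee2 in the sample) is normal behavior and is not flagged.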
August 2020 Uber Eats data breach
In August 2020, the cybersecurity firm Cyble discovered personal information from Uber Eats customers and drivers available on the dark web. The Cyble research team found files containing sensitive information, including the login credentials of 579 Uber Eats customers and information on 100 delivery drivers. The leaked data included full names, contact numbers, trip details, bank card information, and account creation dates (Cyble, 2020).
What should you do if your data is breached?
If your data has been breached, don’t panic. Below are six simple steps you can take right now to protect yourself.
Follow the recommendations
If your personal information was exposed in a data breach, the company will usually send you a data breach notice. If you get one, don’t ignore it. Keep all the documents it sends and follow its recommendations closely.
Change your passwords
Create strong passwords for compromised accounts, and don’t reuse them across different platforms. A strong password should be at least 12 characters long and include a mix of letters, numbers, and symbols. To keep things simple and secure, consider using a password manager to generate and store your passwords.
Monitor your accounts
Keep an eye on your email, social media, and financial accounts and set up alerts to get notified of any unusual activity. Staying aware of unexpected changes can help you catch potential scams early so you can report or address them quickly. Also, check your credit report regularly to spot any suspicious activity, like loans or credit cards you didn’t apply for or unfamiliar addresses linked to your profile.
Set up fraud alerts
Contact the primary credit bureau in your country to place an initial fraud alert on your credit report. This alert adds an extra layer of security, making it more difficult for anyone to open new accounts in your name without additional verification. For even stronger protection, consider freezing your credit, which prevents anyone from accessing your credit report or opening new accounts in your name.
Report it
If you’re affected by a data breach or suspect identity theft, report it to the appropriate authority in your country. In the US, this is the Federal Trade Commission (FTC). If your Social Security number was compromised, also contact the Social Security Administration (SSA) to prevent misuse.
Outside the US, similar steps apply:
- European Union: Report the breach to your country’s Data Protection Authority (DPA). You can find a list of DPAs on the European Data Protection Board website.
- Canada: Contact the Office of the Privacy Commissioner through their website to report identity theft or data breaches.
- Australia: Report the breach to the Office of the Australian Information Commissioner.
- United Kingdom: Report to the Information Commissioner’s Office (ICO).
If sensitive personal information, such as a national ID or tax number, is compromised, contact the relevant government agency to secure your records and prevent identity theft.
Beware of phishing scams
Be cautious of emails, texts, or calls pretending to be from the breached company. Scammers often exploit data breaches for phishing attacks. A notable example is the 2017 Equifax breach, which exposed the personal information of nearly 150 million people. When Equifax set up a claims website, cybercriminals created fake sites to steal even more data from people filing legitimate claims.
Best practices for preventing data breaches
Most data theft can be prevented. By taking these additional precautions, you can keep your sensitive information safe and out of the wrong hands.
1. Enable multi-factor authentication (MFA). Even if a cybercriminal obtains your password through phishing or a data breach, they still need the second authentication factor, such as a code sent to your phone, a fingerprint scan, or a security token, to access your account.
2. Use a VPN on public Wi-Fi. If you must use public Wi-Fi, a VPN (virtual private network) can help secure your connection by encrypting your data, making it harder for hackers to intercept your information. If you don’t have a VPN, avoid accessing sensitive accounts like banking or work-related apps while using public Wi-Fi.
3. Enable Dark Web Monitor. NordVPN’s dark web monitoring feature scans dark web sites like hacker forums and marketplaces for any signs of your leaked credentials. If it detects your information, the NordVPN app will instantly alert you so you can take action to protect yourself.
4. Regularly update your software. Software updates fix security flaws that hackers could use in phishing attacks or data breaches. Keeping your software up to date reduces the risk of these vulnerabilities being exploited against you.
5. Minimize the apps and services you use. Each app carries additional risks, especially when you share your data with it. If you don’t need a service, delete both the account and the app. For example, if you’re uncomfortable with how Uber handles your data, you can delete your Uber account along with any other apps you don’t trust.
6. Only grant apps the permissions they truly need. Enable only the permissions essential for the app to function. If a fitness app or game requests access to your contacts, that’s a red flag.
7. Stay educated and raise awareness. Many data breaches start when someone unknowingly clicks on a phishing link, which can give hackers access to sensitive information. By staying informed about phishing scams, password security, and the latest cyber threats, you’re less likely to fall victim to these tricks.