As many as 50,000 Uber drivers could have been affected by a security breach last year, potentially leaving their personal data in the hands of an unauthorized third-party, reports Tech Crunch.
The cab-hailing company has admitted to a flaw which led to one of its databases being accessed last spring, revealing that driver names and license numbers may have been obtained. Uber's security team first noticed the risk on September 17, 2014, and under further investigation discovered the database had indeed been accessed once on May 13, 2014.
The database flaw was patched immediately upon detection, but the company continues to investigate the breach. Uber has also launched a "John Doe" lawsuit in the San Francisco Federal Court in an attempt to uncover the hacker's identity.
"We have not received any reports of actual misuse of any information as a result of this incident," said Katherine Tassi, Uber’s Managing Counsel of Data Privacy. "We are notifying impacted drivers and recommend these individuals monitor their credit reports for fraudulent transactions or accounts."
Uber began notifying former and current drivers last Friday, and will also be offering a year's free membership to an identity protection service for those affected.
As CNET notes, the breach affecting 50,000 drivers is sizable, but relatively small in comparison to recent hacks of Target and Home Depot which affected 110 million and 56 million people respectively. As the breach affected employees rather than customers, the amount of data was comparatively limited.
In the meantime, Uber has been looking into improving safety for its customers, by considering biometrics as part of an "enhanced driver screening" process.
Mahathir Mohd Yasin / Shutterstock.com