On Friday Uber posted a notice saying that the company had discovered that one of its databases had a point of entry for unauthorized users. On further investigation it found that “a one-time unauthorized access to an Uber database by a third party had occurred on May 13, 2014.” That database reportedly contained driver names and license plates.
“Our investigation determined the unauthorized access impacted approximately 50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners,” the note by Katherine Tassi, Uber’s Managing Counsel of Data Privacy, stated. The company added that it has not received any reports of identity misuse, although it's unclear whether divers have reported anything since learning about the breach.
Uber said it was alerting affected drivers and will offer them a free one-year membership to an identity-monitoring service. Tassi said that Uber had filed a “John Doe” lawsuit in order to “gather information that may lead to confirmation of the identity of the third party.”