Uber suffers another data breach after law firm’s servers attacked

4 Apr 2023


This is the third time in six months that Uber has been the victim of a data breach.

Uber has found itself in the middle of yet another data breach, this time as a result of private driver data being stolen from a third-party law firm.

Genova Burns, a mid-sized law firm based in New Jersey, has written to the affected Uber drivers to tell them that confidential information belonging to them, such as their social security and tax identification numbers, has been stolen in a data breach of its IT systems.

The firm first became aware of this breach on 31 January, according to a letter to the affected drivers.

Genova immediately hired a forensic team to investigate the data breach, informed authorities and promised to improve its security measures to prevent future hacks.

While Uber has not revealed the number of drivers affected, it told The Register in a statement that the breached data included private information on Uber drivers who had completed trips in New Jersey.

“These drivers have been notified that their social security number and/or tax identification number have been potentially impacted and offered complimentary credit monitoring and identity protection services,” Uber wrote.

“Genova Burns indicates that they are not aware of any actual or attempted misuse of the information, and confirmed that they are taking additional steps to improve security and better protect against similar incidents in the future.”

This is the third time in six months that Uber has been the victim of a data breach.

In December, details of more than 77,000 Uber employees were leaked online after a cyberattack targeted Teqtivity, used by Uber for IT asset management services. The leaked data reportedly included corporate information such as source code and IT asset management reports.

Uber suffered another “cybersecurity incident” in September that forced it to shut down many of its internal tools, communications and engineering systems. The ride-hailing company claimed at the time that the attacker was affiliated with the Lapsus$ group.


Vish Gain is a journalist with Silicon Republic
