Hundreds of Thousands in Singapore and the Philippines Affected in Uber Data Breach

Last year, some 57 million Uber users worldwide—both drivers and passengers—were victims of a massive data breach, the extent of which is only coming to light. The personal information of 380,000 users in Singapore was leaked during the hack and in the Philippines, over 170,000 users were affected. The stolen information includes the user’s registered name, email address and phone number. This has prompted the Personal Data Protection Commission in Singapore and the National Privacy Commission in the Philippines to launch separate probes into the data breach.

In the USA, some 600,000 drivers’ license numbers were also downloaded by the hackers. There is no official number yet on how many Malaysian users are affected, although Uber Malaysia has already notified local authorities regarding the incident.

Uber did not publicly disclose the breach until last month. According to Uber, two hackers downloaded the data through the server of a third-party cloud-computing provider. Reportedly, the hackers demanded money to delete the stolen data, and Uber paid them US$100,000. If you are thinking that paying off extortionists doesn’t seem like the right thing to do, well, it turns out that the ride-hailing company is not the only one—the FBI and other private security companies told Reutersthat the number of companies paying off hackers is increasing.

Uber’s CEO at the time, Travis Kalanick, the Chief Security Officer, Joe Sullivan, and a deputy have since been ousted from the company (Kalanick’s departure in June was due to many more reasonsthat this). This leaves relatively new CEO, Dara Khosrowshahi, who was unaware of the scandal when he came on-board, to clean up the shit undo as much damage as possible. (“You may be asking why we are just talking about this now, a year later. I had the same question,” Khosrowshahi wrote in a blog post.)

Even though Uber insists that no credit card or bank account details were exposed, the situation is still very serious. Even with these limited information, you could be targeted by phone or email scammers, and become victim to identity theft; these seemingly simple set of information could help scammers to obtain even more vital personal data. Alas, this is the way the Brave New “Connected” World works today, where no data is 100% safe, no matter what kind of data protection law is enacted.

No comments yet! You be the first to comment.

Your email address will not be published. Required fields are marked *