Technology News

Uber Database Breach May Have Exposed Personal Data On 50,000 Drivers

uber breach

On Friday, Uber announced that one of its databases was probably breached last year, putting up to 50,000 Uber drivers’ personal information at risk.

The breach was discovered on September 17. Uber believes the one-time incident occurred in May 2014. The database held the names, license plate numbers and driver’s license numbers for thousands of Uber drivers in several states, PC World reported. Uber said the breach was conducted by an “unauthorized third party,” but the company did not reveal how it discovered the breach.

About 21,000 of the affected Uber drivers are in California. Uber has several hundred thousand drivers across the United States.

Uber said it changed access to the database to stop further loss of data once it was discovered, but it is only now notifying drivers whose information was possibly exposed to offer a free year of membership to Experian credit monitoring.

[quote text_size=”small” author=”– Katherine Tassi” author_title=”Uber’s managing counsel of data privacy”]

We have not received any reports of actual misuse of information as a result of this incident.


Uber is a ride-hailing service that connects passengers and drivers through a smartphone app.

While a hack affecting 50,000 people sounds like a great deal, it’s actually very small compared to several large-scale attacks that have affected other companies in recent years. In the case of the Target breach, 100 million people had their personal information exposed, while a Home Depot hack put 56 million credit cards at risk, CNET reported.

Uber’s case is interesting, however, because of how long it waited to go public about the breach and notify drivers. In California, Uber’s home state, the law requires companies who lose consumers’ personal information, including driver’s license numbers, to inform those affected “in the most expedient time possible and without unreasonable delay.” Most states have similar vague time limits, but some states have a requirement to notify consumers within 60 days, according to the Wall Street Journal.

Click to comment
To Top

Hi - We Would Love To Keep In Touch

If you liked this article then please consider joing our mailing list to receive the latest news, updates and opportunities from our team.

We don't want an impostor using your email address so please look for an email from us and click the link to confirm your email address.