Uber Waits Five Months To Report Data Breach

Taxi-hailing app start-up Uber has revealed it discovered a database breach that took place in May 2014, which led to the theft of the names and driver’s licence numbers of about 50,000 drivers.

The company said it immediately restritcted access to the database in question and began an “in-depth” investigation.

In an unusual twist, Uber said it discovered the hack last September, more than five months ago. While companies often wait before reporting data breaches in order to avoid compromising their investigations, the delay is rarely more than one or two months. Uber’s home state of California doesn’t specify a time limit on reporting breaches.

Uber didn’t give a reason for the long delay.

Uber is the latest company to be hit by a large-scale data theft, with other recently affected companies including Sony Pictures and Target.

The breach affected about 50,000 drivers across “multiple” US states, including more than 20,000 in California, according tot he company, which said the figure is a “small percentage” of the current and former drivers on its books.

Identity theft risk

“We are notifying impacted drivers, but we have not received any reports of actual misuse of information as a result of this incident,” stated Katherine Tassi, managing counsel of data privacy for Uber.

The company recommended the affected drivers monitor their credit reports for fraudulent transactions, and is offering those involved a free one-year membership to Experian’s identity protection service.

Uber said it has notified the California attorney general and has filed a “John Doe” lawsuit in an effort to help identify who was responsible for the hack.

The company has attracted controversy for disregarding local regulations in the cities where it operates, including London, where the transport body that regulates London’s taxi and minicabs last year referred the company to British tax officials.

In January, Uber’s chief executive promised thousands of new jobs in Europe for cities who join in a “new partnership” with the company.

Are you a security pro? Try our quiz!