Uber has disclosed that a database containing information on its drivers may have been compromised. The database containing names and driver’s license numbers was apparently accessed by an “unauthorized” third-party on May 13, 2014.
The incident is still under investigation and Uber has filed a “John Doe” lawsuit in San Francisco Federal Court, a maneuver used when there are currently unknown persons being sued, in this case, to help gather information to identify the attacker(s).
Uber did not disclose how the incident was detected, but did state the vulnerability has been patched and that there is no indication the data has been misused, to date.
Uber is reaching out to the affected drivers, offering free identity protection services and encouraging them to monitor credit reports for fraud.