Officials with Uber said some personal information of 57 million Uber users were possibly affected by a data breach that took place in 2016.
According to a statement posted on Uber's website and penned by its CEO, Dara Khosrowshahi, the company was aware, in late 2016, that two individuals outside the company had inappropriately accessed and downloaded user data that was stored on a third-party cloud-based service.
The incident, according to the statement, did not breach the company's systems or infrastructure.
Forensics experts, according to officials, did not see any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers, or birth dates were download. However, the files reportedly contain the names and driver's license numbers of around 600,000 drivers in the U.S., as well as some personal information of 57 million Uber users around the world, including names, e-mail addresses, and mobile phone numbers.
The data, according to the statement, has now been secured, and the company has received assurances from the individuals who allegedly accessed the data that the downloaded data are destroyed.
Khosrowshahi said the company are notifying each of the drivers affected, and they will offer these drivers free credit monitoring and identity theft protection. In addition, the statement said the two individuals who led the company's response to the incident are no longer with the company.
In addition, regulatory authorities have reportedly been notified, and accounts affected are being monitored by Uber, and have been flagged for additional fraud protection.
Information about Uber's 2016 Data Security Incident (for riders)
Information about Uber's 2016 Data Security Incident (for drivers)