Uber data breach spread to 2.7 million British accounts
A data breach which saw the details of 57 million users of popular ride-sharing app Uber compromised affected just under 3 million accounts in the UK, according to reports.
The attack on Uber’s systems, which took place in October 2016, gained access to 2.7 million accounts of both users and drivers in the UK, the company revealed this week.
Though what exactly was obtained by the hackers remains unclear, the data obtained is understood to include names, email addresses and phone numbers. Uber has stressed that attackers did not gain credit card or bank account numbers, dates of birth or even trip histories from affected users.
The American firm has been widely criticised both for its failure to admit that it had been hacked and for paying money to those responsible to ensure their silence, including former chief security officer, Joe Sullivan, who helped facilitate a 13-month cover-up.
In a statement released this week which divulged the full extent of what Uber knows about the attacks, the firm said the figures were still approximations of the number of users affected.
It read: “Sometimes the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives.”
The Information Commissioner’s Office (ICO), the UK’s data regulator, said previously that it had “huge concerns” about the breach.
Reacting to Uber’s recent announcement, an ICO spokesperson said: “As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised."
"We would expect Uber to alert all those affected in the UK as soon as possible."
The UK’s digital minister Matt Hancock also said the government “expects Uber to respond fully to the incident with the urgency it demands” and provide the appropriate support.