Uber said Friday that its database was breached in a cyberattack that exposed the personal data of roughly 50,000 of its drivers. The ridesharing service claims that the hacker accessed only the names and license numbers of a “small percentage” of its drivers.
Uber said, in a company blog post, that it found evidence of the possible breach by someone from outside the company in September. It responded by changing the database’s password and began an investigation that revealed the database had been hacked once in May.
The attacker got information about current and former drivers from a number of states, Uber said. However, the company added, it had not “received any reports of actual misuse of any information as a result of” the breach. Uber did not say why it waited to reveal details about the breach until now.
In November, Uber came under fire after an executive suggested hiring investigators to dig into the “personal lives” and “families” of journalists that criticized it. The company also had issues about drivers’ salaries and concerns over passenger safety.
Uber said it would pay for a year of credit-monitoring and identity theft protection service for drivers whose personal data was stolen in the attack, a common practice for companies that have been hacked. It said it had also filed a lawsuit to help collect information about the identity of the attacker.