Uber data breach

5 December 2017

In November 2016 the personal details of 57 million people around the world were compromised when two individuals hacked Uber’s cloud-based service.

The company says that it took immediate steps to secure the data and shut down further unauthorised access but did not disclose the breach to the public at the time.

The stolen information includes names, email addresses, phone numbers and the drivers’ license details of at least 600,000 US Uber drivers.

Uber says the downloaded data has been destroyed and there is no indication it was misused. Uber users should monitor their credit card and Uber accounts, and report any irregularities to Uber and their bank.

Businesses must have appropriate security measures in place to protect the information of their customers. The Australian Cyber Security Centre recommends all organisations put in place the Australian Signals Directorate's Essential Eight strategies to mitigate cyber security threats.

From February next year, the Notifiable Data Breaches scheme will require organisations covered by the Australian Privacy Act to notify any individuals likely to be at risk of serious harm by a data breach.

Advice about the breach is available on the Uber website.