The controversial taxi service Uber admitted this past Friday that an unauthorized third party accessed their database. Thankfully for Uber, who are already rather deep in controversy, this particular security breach did not compromise user data. Instead, the names and licence number of 50,000 Uber drivers (known as 'driver partners') from various US states were accessed. Uber claims, however, that this number is merely "a small percentage of current and former Uber driver partners."
According to the blog post released this past Friday by Uber's Managing Consul of Data Privacy Katherine Tassi, on September 17, 2014 Uber discovered a security flaw that may have allowed their databases to have been accessed. The post went on to say that an actual breach had been discovered, and that breach had taken place on the 13th of May, 2014. Most comforting of all, Uber claims that they have yet to receive any reports or in any other way be made aware of the use of this compromised data. Still, the impacted drivers were notified and warned to be on the lookout for any fraudulent transactions or accounts that may appear in their names. IN a form of compensation, Uber has as well decided to offer a year of free identity protection service to the affected drivers.
The company has of course taken measures to ensure such a breach does not occur again. The blog post claims that "Uber takes seriously our responsibility to safeguard personal information, and we are sorry for any inconvenience this incident may cause." As well, in order to gather information that may ultimately lead to the identity of the third party that perpetrated this breach, Uber has filled a 'John Doe' lawsuit, a type of lawsuit that begins due process prior to knowledge of the identity of the guilty party.
Considering both the security breaches and the cavalier use of customer privacy, are companies such as Uber doing enough to both protect and respect their data we share with them?