
To consumers, Uber is a lot like a taxicab service and currently operates in over 45 countries and most major cities in the US except for, interestingly, the liberal Portland, Oregon. Fares are generally quite a bit less than a traditional taxi, which makes Uber rather unpopular with the taxi industry.

Uber drivers are known to be subjected to a lot of surprises, but identity theft at the hands of their employer was probably not one they ever expected.
To Uber’s drivers, who use their own cars to schlep these consumers around, are connected to their passengers via the Uber app, which works on Apple iOS, Android and Windows Phones.
Uber puts their drivers and consumers together using both of their phone’s GPS capabilities, communicating each other’s locations so each know how long it will be until they are united for this business transaction.
Uber processes all payments, charging the consumer’s credit and keeps 5% to 20% and directly deposits the remaining moola into their driver’s bank account. Uber is currently valued at a staggering $17 billion.
Yet even with all the money Uber can’t stay secure as they suffered a significant security breach in their database left 50,000 Drivers Vulnerable to Identity Theft.
An unknown hacker from outside the company apparently broke in May 13, 2014, stealing the names and driver’s license numbers of roughly 50,000 current and former drivers.
A statement from Uber on February 27th of this year revealed that the breach wasn’t discovered until mid-September of 2014, meaning that the information has been unprotected in the cyber world for almost an entire year. The statement also claimed that no drivers have reported any incidents and that the database is currently secure.
This data breach occurred just 30 days after Uber’s network security obtained a positive report as part of an external audit related to their privacy. The audit was conducted after Uber discovered a security flaw that left its passengers vulnerable, not its drivers. To beef up security, the report recommended that Uber:
- Train its network operators on potential vulnerabilities
- Restrict access to any data about its employees
However, the recommendations might not have done enough to protect Uber’s drivers’ information.
Uber is taking the privacy of its drivers seriously, offering all of the affected employees one year of identity protection services at no cost to them. Uber has also notified the California attorney general, as 21,000 of the drivers affected are currently working in the nation’s most populous state.
Those of us watching from the sidelines might wonder: why would hackers target Uber drivers? The reason is simple: driver’s license numbers. Driver’s license numbers, along with their corresponding names and addresses, come in awful handy for opening up fake credit card accounts and ID cards – a lucrative market for identity thieves. Official state information – like a driver’s license number – helps to authenticate a fraudulent account, making it that much easier to steal a person’s identity.
APR
About the Author:
Online Security Expert Todd Laff reviews online hacks and security issues and how to protect yourself and secure your network.