Approximately 2.7 million UK riders and drivers were affected by the recently disclosed breach of ride hailing service Uber, the firm has finally revealed.
In an update to its Help section, the controversial firm claimed it could not be more accurate about the figure, which is said to represent around half of all UK users.
It said:
“This is an approximation rather than an accurate and definitive count because sometimes the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives.”
Uber reiterated that the breach affected names, email addresses and mobile phone numbers for Uber customers and that its “outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded”.
However, that wasn’t good enough for the Mayor of London, Sadiq Khan, who described it as a “catastrophic breach”.
“This latest shocking development about Uber will alarm millions of Londoners whose personal data could have been stolen by criminals,” he said in a statement.
“Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don’t suffer adversely, and what action is being taken to prevent this happening again in the future.”
The incident will do nothing to help Uber’s case as it fights a decision by TfL and the mayor to revoke its license.
Hiwot Mendahun, cyber resilience expert at Mimecast, argued that users need to be extra vigilant against suspicious emails, texts or even phone calls from potential scammers.
“Impersonation attacks are already the easiest way to trick people in giving away money or valuable data and easily bypass many traditional security defences,” he added.
“Thankfully, it appears that no trip location histories were included in the breach, as the privacy and safety implications of that would be horrendous.”
Uber shocked the world last week when CEO Dara Khosrowshahi admitted the firm had covered up a breach of info on 57m riders and drivers last year, after paying the hackers $100,000 to delete the data.