Roughly 75 days after the September public announcement of the Equifax data breach, the details of another massive breach, which happened over a year ago, are now all over the news. On Tuesday, November 21st, 2017, Bloomberg broke the news that in October 2016, transportation giant Uber experienced a breach that compromised the personal information of 57 million consumers.
According to CNN, it’s estimated that the data exposed for the 57 million Uber users includes names, email addresses and phone numbers. Hackers also accessed the driver’s license numbers of around 600,000 drivers in the United States. Those 600,000 drivers are included in the total number of affected users.
Uber states the following on their web site:
Rider information included the names, email addresses and mobile phone numbers related to accounts globally. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.
However, what also broke alongside the Uber breach news was that the company paid hackers $100,000 to keep the hacked information off the Dark Web – by having them delete the data they stole, according to Wired Magazine.
Uber Defies Data Breach Disclosure Laws, Taking Extreme Measures to Hide Impact
If you’ve been following Uber over the last 12 months, this is yet another major PR nightmare for them. However, it’s also shining a light, again, on data breach disclosure practices.
According to a TechCrunch article, not only is the New York Attorney General’s office opening a case to investigate the $100,000 cover-up, Uber may also be in hot water with its home state of California. TechCrunch states that under Civil Code 1798.82, businesses are required to disclose data breaches affecting more than 500 state residents to the Attorney General “in the most expedient time possible and without unreasonable delay.”
Once a breach happens, the clock starts ticking as the bidding begins between hackers and identity buyers. Uber allowed approximately 600,000+ minutes to pass before they chose to inform the American people. That’s nearly 10,000 hours before Americans were told their personal data may have been compromised. A lot can happen in that span of time. The impact of this latest data breach on the estimated 57 million Americans remains unknown, but significant repercussions are inevitable.
While it’s hard to condemn an organization itself for having a data breach, as no organization is categorically safe from such an attack, we all can absolutely take issue with their lack of transparency and communication to the American people. Waiting over a year to inform consumers only compounded vulnerabilities for those people whose data was breached. Uber should have divulged this information, as California state law describes, “without unreasonable delay” and empowered people to take steps to protect their identities.
Uber Breach Victims: How to Protect Yourself and Your Family Against Identity Theft
Now is the time to start taking control of our identities and personal information. We are all vulnerable. No class-action lawsuits, government regulations, pre-recorded videos from CEOs apologizing for the latest breach, or notification letters from hacked companies will make this problem disappear.
At IdentityForce, the best advice we can continue to provide to our members is to stay vigilant. We recommend that Americans everywhere continue to be mindful of the information they are giving out.
Here are some additional steps you can take today in light of the Uber data breach:
6 Tips for Potential Uber Data Breach Victims
- Credit Bureau Notification: Contact the three credit bureaus (Experian, Equifax, and TransUnion) and request to have an initial 90-day fraud alert placed on your credit file.
- Request A Free Copy Of Your Annual Credit Report: Take great care to review your credit reports. If you find inaccurate information, contact the companies listed on the credit report(s) directly. You can also contact the Identity Theft Resource Center, a non-profit, at (888) 400-5530 to assist you, and/or subscribe to an identity and credit monitoring service to alert you when your personal information is used.
- If You Confirm That You’re A Victim Of Identity Theft, Create An Identity Theft Report With The Federal Trade Commission (FTC): Expect law enforcement to request a copy of this report when you contact them.
- Consider Placing An Extended Fraud Alert Or Security Freeze On Your Credit: Creditors will still have access to your credit file, even though you’ve placed a 7-year extended fraud alert, but must first contact you to verify your identity before extending credit. A credit freeze generally prevents creditors from accessing your credit file. To request one, you must call each credit bureau directly. Laws vary by state.
- File Your Tax Returns As Soon As You Can: Filing an early tax return protects you from identity thieves who could file and collect your tax refund before you do. In the case of the Equifax data breach, you’ll want to keep this in mind and be especially vigilant about filing your tax return earlier than usual, so that you allow time to remediate any issues.
- Contact The Social Security Administration: Request a copy of your wage earning report to verify that your Social Security number is not being used fraudulently, which could result in your owing taxes for wages earned by someone who’s stolen your information.