Third-party incident exposes Uber drivers' confidential information
Uber has experienced a third-party breach affecting some of its drivers' personal data, including social security numbers and tax identification numbers. The incident, which occurred at outside legal counsel Genova Burns LLC in March, serves as a reminder of the importance of cybersecurity.
Genova Burns is taking additional steps to improve security and prevent similar incidents in the future. However, they are not aware of any actual or attempted misuse of the stolen information.
Uber, in response, is offering impacted drivers complimentary credit monitoring and identity protection services. The breach did not originate from Uber's internal systems, but it is a potential risk for identity theft or other fraudulent activity for affected drivers.
In light of this breach, it is essential for individuals to take proactive steps to safeguard their personal information. Here are some best practices for individual cybersecurity protection after a third-party data breach:
- Check if your credentials were exposed: Use breach audit services such as Have I Been Pwned or Cybernews Leaked Password Checker to identify compromised accounts.
- Reset passwords on critical accounts immediately: Start with email, banking, cloud storage, and work accounts. Use long, unique passwords that are different for each account.
- Enable two-factor authentication (2FA) or passkeys on all sensitive accounts, preferably with apps or hardware tokens rather than SMS, for stronger security.
- Adopt a trusted password manager to generate and store complex passwords securely, and consider offline encrypted backups of credentials and 2FA recovery codes on hardware devices.
- Sign up for credit monitoring services—some companies affected by breaches provide free monitoring. Third-party services can also alert you to suspicious activity or new accounts opened in your name.
- Order free credit reports regularly to check for unfamiliar accounts or charges, and consider placing a credit freeze or fraud alert to block new accounts being opened fraudulently.
- Be vigilant about phishing and suspicious communications, educate family and associates about cyber risks, and avoid clicking on unknown links or attachments.
- If you detect fraud or identity theft, report it promptly through official resources such as identitytheft.gov, which can guide you on remediation steps.
- Maintain awareness that stolen data may circulate indefinitely, so ongoing monitoring and cautious use of your information is critical to minimize long-term risks.
Limiting the amount of personal information shared online and being cautious of suspicious emails or messages that ask for sensitive data is advisable. The theft of drivers' personal information highlights the need for robust cybersecurity measures and regular monitoring of third-party providers' security protocols.
Affected drivers and all individuals should remain vigilant and proactively protect their personal information. The breach is not related to Uber's regular ride-hailing services.
- To protect themselves, individuals should use encyclopedia-like resources such as Have I Been Pwned or Cybernews Leaked Password Checker to check if their credentials were compromised in the cybersecurity breach.
- Given the risk of identity theft or fraudulent activity due to the breach, it's crucial to not only reset passwords on critical accounts but also enable two-factor authentication using more secure methods than SMS for added cybersecurity protection.
