Popular car service Uber said it is notifying about 50,000 drivers of an unauthorized access to a company database that contained drivers’ license numbers and names.
The “one-time unauthorized access” by an unidentified third-party occurred nearly a year ago–in May, said Uber in a blog entry by Katherine Tassi, managing general counsel of data privacy.
In addition to it statement on the breach, Uber said it filed what is known as a “John Doe” lawsuit to “gather information to help identify and prosecute this unauthorized third party.”
Uber said it realized on September 17 that its database could potentially be breached. “Upon discovery we immediately changed the access protocols for the database and began an in-depth investigation,” said Uber, adding that it changed access protocols immediately.
But the breach–unnoticed for about four months–impacted about 50,000 drivers across multiple states.
“We are notifying impacted drivers, but we have not received any reports of actual misuse of information as a result of this incident,” Uber said. Only names and driver’s license numbers were accessed.
Uber is providing a free one-year membership of identity theft protection from Experian.