Driver info stolen after law firm breached


For the third time in the last six months, internal Uber data has been compromised. This latest incident is the result of a supply chain attack.

Uber, yet again, has become a victim of data theft following a third-party breach. This time, threat actors have aimed at the company’s law firm, Genova Burns. Data of Uber’s drivers may have been swiped during the security incident.

According to the letter sent to affected drivers, the firm became aware of “suspicious activity relating to our internal information systems” on January 31, 2023. It immediately engaged with hired experts to investigate. Data was extracted between the 23rd and the 31st. The firm also contacted Uber regarding the breach after discovering that driver data was affected.

The Register, who first reported the incident, shares the below statement from an Uber spokesperson regarding the attack against Genova Burns:

Impacted information held by Genova Burns included information of certain drivers who had completed trips in New Jersey, including social security number and/or tax identification number. These drivers have been notified that their social security number and/or tax identification number have been potentially impacted and offered complimentary credit monitoring and identity protection services.

Genova Burns indicates that they are not aware of any actual or attempted misuse of the information, and confirmed that they are taking additional steps to improve security and better protect against similar incidents in the future.

The firm also promises to take “additional steps to improve security and better help protect against similar incidents in the future.” It didn’t elaborate on those steps, however.

No Uber customer data was touched in the attack. Affected drivers, as per usual, get one year free of identity monitor services as compensation, according to The Register.

Uber is no stranger to supply chain attacks. In December, threat actors raided data from Teqtivity, a vendor that provides asset management and tracking services for the company. 77,000 Uber employee data were later on leaked.


Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW



Source link