Uber announced on February 27, 2015, that current and former drivers may have had their personal information exposed in a data breach.
The ridesharing service believes an unauthorized third party infiltrated their systems on May 13, 2014 and stole the names and driver's license numbers of 50,000 Uber drivers. While the data breach only impacted a small percentage of drivers, the breach was nationwide.
Uber has since patched the security vulnerability, but there is much cause for concern.
Because every license number is unique to an individual, the number is tied to an abundance of personal information. While the number alone is unlikely to be used to commit fraud or identity theft, if it is paired with additional information exposed in another breach (such as Target, Home Depot, orAnthem) the criminal would have a "complete identity theft kit" and could have free range over your finances, criminal and medical records.
Information from breaches is commonly shared and sold on online black markets, so combining bits and pieces of someone's information is plausible and, in theory, relatively easy.
It is important to note that this is not Uber's first bout with privacy concerns. In late 2014, Uber was severely criticized for tracking the whereabouts of riders without their permission. It will be interesting to see how seriously the company handles their data breach.
What should you do?
If you think you may have been affected by the Uber data breach, you should contact your local motor vehicle administration office and obtain a new driver's license. Your new license will come with a new number to prevent identity theft. Some states might flag your compromised driver's license number to alert law enforcement officials of fraud if they were to encounter an impostor falsely presenting your driver's license number. This is a vital step toward ensuring that your record is not intermingled with an identity thief's record.
Impacted drivers should also pull their credit report and look for unfamiliar accounts or lines of credit in their name. It is also important to monitor your credit score for inexplicable changes that might signal identity theft.
Uber is providing impacted drivers with one year of free credit monitoring services and will be filing a "John Doe" lawsuit so they can more effectively gather breach-related information in order to determine the responsible third-party.