According to a breach notification sent to affected drivers by law firm Genova Burns, an unauthorized third party accessed the law firm’s systems between January 23 and 31, 2023, resulting in the theft of sensitive data belonging to Uber drivers. The stolen data included the drivers’ names, Social Security Numbers, and Tax Identification numbers.
While it’s unclear if this is all of the data that was taken, Genova Burns has taken steps to secure the environment by changing all system passwords, notifying the police, and offering 12 months of free identity monitoring services through Kroll. Uber, which was represented by Genova Burns, confirmed the data was related to certain drivers who had completed trips in New Jersey and that there was no evidence of the data being used or any attempt to do so.
Uber has suffered several cybersecurity incidents in the past, including the 2016 data theft fiasco, the 2022 Lapsus$ data theft, and the Teqtivity supply chain attack.
