Uber has suffered yet another security breach, resulting in the theft of personal information belonging to the ride-hailing app’s drivers. Miscreants stole the information from the IT systems of law firm Genova Burns, according to a letter [PDF] sent to affected drivers. The firm confirmed that the stolen data included the driver’s name, Social Security number, and/or Tax Identification number, all of which had been provided to Uber.
In March, Genova Burns LLC, an external legal counsel, informed Uber of a security incident that had occurred in their systems. The breach had exposed the personal information of certain drivers who had completed trips in New Jersey, including their Social Security number and/or Tax Identification number. Uber notified the affected drivers, offering them complimentary credit monitoring and identity protection services. Genova Burns has confirmed that there has been no known misuse of the information and has taken additional security measures to prevent similar incidents from occurring in the future.
According to a letter sent by Genova Burns to affected drivers, the law firm became aware of suspicious activity in its IT systems on January 31. To investigate the issue, the firm hired a forensic security team, which confirmed a digital break-in. After identifying the breach, Genova Burns notified law enforcement, reset all system passwords, and pledged to implement further measures to improve security and prevent future incidents.
The intrusion notice stated that “an unauthorized third party accessed our systems and obtained certain defined files” between January 23 and January 31, 2023. The law firm conducted a “comprehensive review” to determine the extent of the data that was stolen.
Story Credit
