Uber has had more of its internal data stolen from a third party that suffered a security breach. This time, the private information of the app’s drivers was swiped by miscreants from the IT systems of law firm Genova Burns.
In a letter [PDF] to affected drivers, the lawyers said that they had looked into the intrusion, and had some bad news: “The investigation determined that information you provided to Uber, including your name and Social Security number and/or Tax Identification number, was among the impacted data.”
Uber didn’t respond to The Register’s question about how many of its drivers had their records stolen. A spokesperson instead emailed us this statement:
Genova Burns said in its letter it first became aware of suspicious activity within its IT systems on January 31, and hired a forensic security team to probe what turned out to be a digital break-in.
As a result of that probe, the attorneys alerted law enforcement, changed all system passwords, and promised to take “additional steps to improve security and better help protect against similar incidents in the future.”
No word, however, on what those additional steps will involve. Genova Burns declined to answer The Register’s specific inquiries about the intrusion.
“We determined that an unauthorized third party gained access to our systems and certain limited files were accessed or exfiltrated between January 23, 2023 and January 31, 2023,” the intrusion notice stated, adding the law firm undertook a “comprehensive review” to determine what the crooks stole.
And, per usual, affected individuals get 12 months of free identity monitoring services to compensate for their stolen data, which could be used for identity theft, or sold on cybercrime forums.
This happened last year after a separate third-party breach. After breaking into the network of software provider and Uber supplier Teqtivity, a cyber criminal calling themselves UberLeaks shared data pertaining to Uber employees on BreachForums.
No Uber customer data was touched in that privacy breach, though information on more than 77,000 Uber and UberEats employees was leaked. Some of the released data also related to third-party vendor services and to mobile device management platforms Uber uses.
The app maker has suffered its share of data-theft fiascos, most notably the 2016 intrusion in which crooks stole 57 million customer and driver records. Uber famously tried to cover up that heist by passing off a ransom payment, made to the thieves to recover the data, as a bug bounty award. Firings and lawsuits ensued.
More recently, in September 2022, a teenager affiliated with the Lapsus$ gang accessed Uber’s internal systems, including the company’s G Suite account, and downloaded internal Slack messages and a tool used by its finance department to manage “some” invoices.
The intruder said they broke into Uber for fun, might release some of its source code, and described the company’s security as “terrible.” ®