App-based cab firm Uber has admitted paying $10,000 (£75,500) to cover up a data breach that impacted 2.7 million of its UK users.
The company’s database was hacked in 2016, with cybercriminals obtaining access to 57 million names, email addresses and mobile numbers from account holders around the world. Uber was then served a ransom to keep this information quiet and for the records to be destroyed – which it duly paid.
Now the company has come clean about the hack and confirmed that 2.7 million of the total came from UK account holders. However, it went on to say that the ransom meant stolen data had been destroyed, meaning anyone impacted by the data breach is safe and doesn’t need to take action.
A statement released by the company said: “We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection.”
Despite this, the Information Commissioners Office has advised Uber to disclose to account holders whether their details were among those obtained by the cybercriminals. Anyone impacted can then be extra vigilant against any ways in which their information can be used, such as cold calls or scam emails.
ICO deputy commissioner James Dipple-Johnstone, told The Independent: “We would expect Uber to alert all those affected in the UK as soon as possible.
“On its own this information is unlikely to pose a direct threat to citizens. However, its use may make other scams, such as bogus emails or calls, appear more credible. People should continue to be vigilant and follow the advice from the NCSC.”
These comments were echoed by London mayor Sadiq Khan, who said that customers should be informed of whether their information was taken and what risk factors are involved. He added that assurances that measures have been put in place to ensure such a breach isn’t repeated must also be made.