Uber said about 2.7 million British users were affected by the ride-sharing company’s recently disclosed data breach, U.K. regulators announced Wednesday.
“Uber has confirmed its data breach in October 2016 affected approximately 2.7 million user accounts in the U.K.,” said James Dipple-Johnstone, the deputy commissioner of the Information Commissioner’s Office data regulator.
Account holders affected by the breach had their names, mobile phone numbers and email addresses accessed by hackers, Mr. Dipple-Johnstone said in a statement, adding that he expected Uber to notify victims “as soon as possible.”
“On its own this information is unlikely to pose a direct threat to citizens. However, its use may make other scams, such as bogus emails or calls, appear more credible,” he added.
British regulators are working with the U.K. National Cyber Security Center (NCSC) and other relevant authorities domestic and abroad “to ensure the data protection interests of U.K. citizens are upheld,” Mr. Dipple-Johnstone said.
The NCSC agreed that the breach doesn’t pose a direct threat to Uber users but that customers should “continue to be vigilant,” the agency said in its own statement Wednesday.
Uber boasted over 5 million active riders and 50,000 drivers in the U.K. as of 2016, London’s Telegraph reported, suggesting a majority of its British accounts holders were affected by the security breach.
“This latest shocking development about Uber will alarm millions of Londoners whose personal data could have been stolen by criminals,” said London Mayor Sadiq Khan.
“Uber need to urgently confirm which of their customers are affected, what is being done to ensure these customers don’t suffer adversely and what action is being taken to prevent this happening again in the future,” Mr. Khan said, The Telegraph reported. “The public will want to know how there could be this catastrophic breach of personal data security.”
The latest details concerning the scope of the colossal Uber breach emerged as the company continues to come under fire after disclosing the incident last week more than a year after the fact.
Uber account information became compromised after hackers breached a third-party database in late 2016, but the company “subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed,” Uber’s newly appointed CEO, Dara Khosrowshahi, said in a Nov. 21 statement disclosing the data breach.
Uber paid the hackers $100,000 to keep the incident under wraps, according to multiple news reports.
Mr. Khosrowshahi learned of the breach after becoming CEO of Uber in August and has since fired two employees implicated in the company’s response, he said last week.
Senators on both sides of the aisle wrote Mr. Khosrowshahi on Monday seeking additional details about the data breach, and the incident is currently being reviewed by the U.S. Federal Trade Commission and attorneys general in several states.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.