Uber has finally come up with a figure for the number of UK-based riders and drivers affected by its massive data breach: 2.7 million.
The taxi hire firm has been slammed by regulators around the world for keeping the hack, which happened in October 2016, quiet for the best part of a year.
To make matters worse, when it eventually ‘fessed up, Uber was unable to give regulators a nation-level breakdown of the 57 million affected users for days afterwards.
It has today updated the information on its webpage about the hack, saying that it involved “approximately” 2.7 million riders and drivers.
“This is an approximation rather than an accurate and definitive count because sometimes the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives,” Uber said.
The Information Commissioner’s Office said that it expected Uber to alert the affected people as soon as possible. (We assume this means actively getting in touch with people, rather than hoping they’ll be regular visitors to the hack info page.)
However, both the ICO and National Cyber Security Centre have said that, based on the information stolen, it is unlikely to directly expose people to financial crime but could put them at risk of scams.
“Uber has said the breach involved names, mobile phone numbers and email addresses,” said deputy commissioner James Dipple-Johnstone.
“On its own this information is unlikely to pose a direct threat to citizens. However, its use may make other scams, such as bogus emails or calls appear more credible.”
Dipple-Johnstone added that the ICO’s investigation team is “still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised”.
The UK’s investigation is just one of many the taxi biz is facing, with European regulators due to discuss what action to take at a meeting today.
Meanwhile, across the pond, the firm is facing state-backed lawsuits, with the second landing yesterday from the State of Washington. ®