HQ/EMEAFind out how we can help your business
The international transportation company, Uber, has suffered another security breach. In this instance, the attackers have stolen the personal information of the app’s drivers from the IT systems of a law firm.
Initial findings of the law firm revealed that the incident compromised the information given to Uber. Tax identification numbers and Social Security numbers data could have suffered from the attack.
Moreover, the law firm’s notification letter showed that it first noticed the suspicious activity in late January 2023. The suspicions urged the company to employ a forensic security team to evaluate the incident. The security team claimed that the unwanted activity was a digital intrusion.
Subsequently, the attorneys contacted relevant law enforcement agencies after knowing about the incident. The firm immediately changed all system passwords and assured everyone they would improve their security protocols to defend their data. However, the law firm did not explain how it would enhance its data security.
The compromised Uber data from the third-party entity will not affect individuals.
According to investigations, the impacted Uber third party discovered that a threat actor infiltrated the unauthorised access to their systems between January 23 and January 31, 2023. The intrusion resulted in the exfiltration of a limited number of files and some data.
The law firm’s announcement also explained that they had executed a comprehensive review to identify the stolen information.
The attorneys added they possessed this personal information due to doing legal work for Uber. The impacted individuals will get a year of free identity monitoring services to compensate for the stolen information since the actors could use the data for identity theft or sell on dark web markets.
This cybercriminal incident is another instance in which Uber lost information. Last year, threat actors also infiltrated its network of the software provider and supplier Teqtivity. The illegal operation was caused by a cybercriminal group called UberLeaks, which exposed the data of Uber workers on a cybercrime forum.
