I first reported to you about a massive data breach at Uber in a Scam of the day in November of 2017. Unfortunately, the data breach had actually occurred in 2016 and Uber did not disclose that it had suffered the data breach until 2017. Personal information including names, email addresses and mobile phone numbers of 20 million Uber users and employees was stolen.
There are a number of major concerns unique to this data breach, most prominently that the data breach occurred in 2016 and Uber did not publicly disclose that it had occurred until late in 2017. This is a violation of federal and state laws and regulations. Uber has now agreed to pay 148 million dollars to the Attorneys General of all 50 states and the District of Columbia to settle charges brought against it for its failure to exercise proper security and its failure to promptly report the data breach as required by law. Also, under the terms of the settlement, Uber is required to comply with all state laws pertaining to protecting personal information and to immediately notify the appropriate authorities in the event of another data breach. Uber also agreed under the terms of the settlement to establish new, stronger security protocols.
Here is a link to the settlement: https://www.iowaattorneygeneral.gov/media/cms/Uber_settlement_52ACD2FA91D70.pdf
If you were an Uber user or employee in 2016, you are in jeopardy of identity theft. Additionally, we do not know precisely how long the data breach actually lasted. If indeed the information lost was limited to your name, email address and mobile phone number, the biggest threat to you will be from spear phishing emails and text messages that may appear quite legitimate because they come addressed to you by name and may appear to relate to a legitimate purpose. Clicking on links contained in these emails and text messages puts you at risk of downloading malware that can lead to identity theft, or ransomware. As always, the best course of action is to never click on any link, regardless of how legitimate it may appear, until you have confirmed that it is legitimate.
A helpful website that tracks data breaches and whether you have been affected by them is Have I Been Pwned, where you can find out if your information was affected by recent data breaches. Here is a link to their website: https://haveibeenpwned.com/