I first reported to you about a massive data breach at Uber in a Scam of the day in November of 2017. Unfortunately, the data breach had actually occurred in 2016 and Uber did not disclose that it had suffered the data breach until 2017. Personal information including names, email addresses and mobile phone numbers of 20 million Uber users and employees was stolen.
There are a number of major concerns unique to this data breach, most prominently that the data breach occurred in 2016 and Uber did not publicly disclose that it had occurred until late in 2017. This is a violation of federal and state laws and regulations. I reported to you two months ago that Uber agreed to pay 148 million dollars to the Attorneys General of all of the 50 states and the District of Columbia to settle charges brought against it for its failure to exercise proper security and its failure to promptly report the data breach as required by law. Also, under the terms of the settlement, Uber is required to comply with all state laws pertaining to protecting personal information and to immediately notify the appropriate authorities in the event of another data breach. Uber also agreed under the terms of the settlement to establish new stronger security protocols.
Now two hackers, one Canadian, Vasile Mereacre, and one American, Brandon Glover, have been indicted on hacking and extortion charges related to a data breach at the online learning portal Lynda in which data of 55,000 Lynda users was compromised. These two men are thought to also have been behind the Uber data breach.
TIPS
If you were an Uber user or employee in 2016, you are in danger of identity theft. Additionally, we do not know precisely how long the data breach actually lasted. If indeed the information lost was limited to your name, email address and mobile phone number, the biggest threat to you will be from spear phishing emails and text messages that may appear quite legitimate because they come addressed to you by name and may appear to relate to a legitimate purpose. Clicking on links contained in these emails and text messages puts you at risk of downloading malware that can lead to identity theft, or ransomware. As always, the best course of action is to never click on any link, regardless of how legitimate it may appear, until you have confirmed that it is legitimate.
A helpful website that tracks data breaches is Have I Been Pwned, where you can find out if your information was affected by recent data breaches. Here is a link to their website: https://haveibeenpwned.com/ Frankly, however, in this day and age, you should assume that you have been a victim in at least one major data breach, which is why you should be particularly wary of spear phishing emails attempting to exploit the stolen data by luring you into clicking on links containing malware.
It is expected that we will learn more about the Uber data breach as the cases against Mereacre and Glover proceed.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”