The National Cyber Security Centre (NCSC) has issued advice to customers and drivers after a breach was reported to them.
A breach of Uber customers’ and drivers’ records from October 2016 was reported to the NCSC on Tuesday 21 November 2017.
Based on current information, the NCSC have not seen evidence that financial details have been compromised. They are working with the ICO to verify the extent of this breach, including the type and volume of information compromised.
- Do not feel obliged to delete the app. The incident took place over a year ago and we have seen no evidence of additional risk having the app on your phone today.
- Immediately change passwords you used with Uber. Legitimate users can make a compromised password useless by replacing it with a new one the attacker does not know. If you re-used the same password on other accounts, you should change the password on those too.
- Be alert to potential phishing emails. Phishing attacks can come through emails sent by strangers that mimic an established or trusted party to lure compromising information from the recipient. Since Uber’s data includes personal information, such as customers’ phone numbers and driving licence information, these could be used by scammers to make phishing emails more convincing.
- Be vigilant to potential scam phone calls. Be especially vigilant against phone calls you receive. If you do receive a phone call that is suspicious - for example, one that asks you for security information - do not divulge any information and hang up. When you next pick up the phone, make sure there is a dial tone to ensure the caller is not still on the line. Immediately contact the organisation that the caller claimed to be from using a phone number gained from their company website. Do not use any details provided during the previous call – these could be bogus.
- Contact us if you think you have been a victim.