Ride-sharing company reveals 380,000 in Singapore were affected by the massive data breach that compromised 57 million accounts globally, but says no fraud or misuse has been tied to these users.
Uber says an estimated 380,000 users in Singapore were impacted by the 2016 data breach that compromised 58 million accounts globally, but finds no incidents of fraud related to the attack.
The ride-sharing operator posted a statement on its website Friday with the update, noting that the figure was “an approximation rather than an accurate and definitive count”. The number was determined from data extracted from its app or online site and based on codes assigned to specific countries, which might not always correspond with where the user actually lived, it explained.
Uber said it had taken “immediate steps to secure the data” when the breach was uncovered and blocked further unauthorised access. It added that affected customers need not take any action since there was no indication the breach had resulted in any fraudulent transactions.
“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, or dates of birth were downloaded,” it said. “We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection.”
Reports emerged last month that some customers in Singapore found charges made to their Uber accounts and credit cards for rides they never took, including transactions made in the UK and US and in foreign currencies. The company said then that these were not linked to the global data breach, since details related to credit card numbers or bank account numbers were not believed to have been compromised in the attack.
Uber admitted to have concealed the data breach for more than a year, paying off hackers US$100,000 to delete the data and keep quiet about the incident.
In a note commenting on Uber’s latest statement in Singapore, Sanjay Aurora, Asia-Pacific managing director for security vendor Darktrace, said the onus was on companies to safeguard their customers’ data.