Uber, a leading ride-hailing service, has once again faced a data breach that compromised the information of its drivers. This time, the hack targeted Genova Burns, the law firm hired by Uber.
The breach occurred due to suspicious activity relating to the law firm’s internal information systems, with data being extracted between January 23 and 31, 2023. The affected drivers were notified of the breach and offered complimentary credit monitoring and identity protection services. In this article, we will examine the details of this latest data breach and how Uber is responding to it.
The Law Firm’s Breach
The breach, discovered on January 31, 2023, was immediately investigated by Genova Burns. The law firm discovered that driver data may have been accessed during the breach and informed Uber of the incident. The impacted information included details of certain drivers who had completed trips in New Jersey, such as social security numbers and tax identification numbers.
Response from Uber
An Uber spokesperson acknowledged the breach, stating that the company was aware that the breach targeted Genova Burns, not Uber’s internal systems. The spokesperson confirmed that no customer data was impacted in this latest breach. However, affected drivers were notified and offered complimentary credit monitoring and identity protection services. Uber is no stranger to supply chain attacks, and this latest breach adds to the company’s list of cybersecurity challenges.
Steps Taken by Genova Burns
Genova Burns stated that it is unaware of any actual or attempted misuse of the information accessed during the breach. The law firm is taking additional steps to improve security and better protect against similar incidents in the future. While Genova Burns did not elaborate on the specific measures it is taking, it is clear that the law firm is taking cybersecurity seriously.
Data breaches are becoming increasingly common, and companies such as Uber must take proactive steps to protect their customers and partners. The latest breach, which targeted a third-party vendor, highlights the importance of cybersecurity due diligence and risk management. As companies continue to work with third-party vendors, they must ensure that these vendors meet the same high standards of cybersecurity as their own internal systems.