Home / Tech News / Uber hacking: customers not at risk of financial crime, says minister

Uber hacking: customers not at risk of financial crime, says minister

There is no evidence that Uber customers who had their personal details stolen are at risk of direct financial crime, a minister has insisted, despite hundreds of users complaining that their accounts have been hacked from Russia.

The digital minister, Matt Hancock, told the House of Commons, on Thursday, that the government was still trying to gauge the number of people in the UK affected by the global breach of the personal information of 57 million customers and drivers in October last year, which the company initially concealed.

On Thursday, the Times reported that more than 800 people in Britain and the US have complained on Twitter of having their accounts hacked by Russians and being billed in roubles for taxi journeys in Moscow and St Petersberg.

Those hacks could be unrelated to last year’s breach but since the October attack came to light on Monday, some users have suggested there is a link , despite Uber’s protestations that there was “no evidence” of fraud or misuse of accounts as a result of the hack.

Lauren Rees

Uber concealed huge data breach – I knew I wasn’t going bloody crazy when my details kept changing to a Russian phone number and details. It was impossible to change back and Uber support were not helpful in the slightest. No wonder..! https://t.co/hEQcLP55mr

November 21, 2017

Cyril S.

@asherter my phone was hacked via uber and it showed the uber map with a car coming to pick me up in St. Petersburg Russia and I was charged 3200 rubles and 1800 rubles that the bank reversed the charge. Urber contacted me and asked me to implement two factor authentication.

November 22, 2017

Responding to an urgent question by the Labour MP, Wes Streeting, Hancock said: “At this stage our initial assessment is, for Uber customers, that the stolen information is not the sort of information that would allow direct financial crime but we are working urgently to verify this and we rule nothing out.”

He urged Uber customers and drivers to monitor their accounts carefully and report any irregularities, adding: “People just need to make sure they do not respond to a phishing email.”

Hancock was not directly asked about the reports of hacking of people’s accounts from Russia. However, the minister did say that the 2016 attack appeared to have been perpetrated from outside the UK.


.@Uber I’ve been hacked, someone in Moscow has used my account and charged my card £54.55. Why didn’t what is mentioned in the pic happen?? pic.twitter.com/9EmGBskiTK

April 24, 2017

Kalpesh Mehta

@Uber @Uber_Support my uber got hacked! Pls remove my credit card from your system asap. #uber pic.twitter.com/pRHZeHtmMQ

April 25, 2017

Streeting said it was “outrageous” that Uber had not told the government yet how many people in the UK had been affected by the breach in October last year. “What assurances do we have that the data of Uber customers and drivers isn’t in the hands of hackers or criminals today?” he asked.

After a report by Bloomberg, Uber’s chief executive revealed on Tuesday that a third-party server had been infiltrated in late 2016.

A ransom of $100,000 (£75,500) was paid to hackers so they would delete the data and keep the security lapse quiet.

Stolen information included names, email addresses and mobile phone numbers, as well as the names and number plates of 600,000 drivers in the US.

Hancock confirmed that the UK authorities were not told of the breach before Uber spoke to the media.

The Information Commissioner’s Office (ICO) has warned Uber it could face fines as a result of the breach. At the moment the maximum fine is limited to £500,000 but Hancock said the government was looking to boost the ICO’s powers under a new bill.

He said delayed reporting of breaches was already an aggravating factor but the new legislation would oblige companies to to report breaches “likely to impact on data subjects to the information commissioner within 72 hours of becoming aware of it and in serious cases will also have to notify those affected by the breach”.

Hancock said non-compliant companies could face fines of £18m or 4% of global turnover.

Check Also

Dashcam of emus ‘deliberately run down’

WARNING: Confronting. DISTURBING dashcam footage in Western Australia appears to show five emus being chased …

Leave a Reply

Your email address will not be published. Required fields are marked *