Uber Driver's Data Exposed After Law Firm's Breach
Uber, the ride-hailing giant, is again in the news for all the wrong reasons. The company had fallen victim to a data breach for the third time. This time, a private driver's data was hacked from a third-party firm, Genevo Burns, New Jersey.?
The law firm, specializing in employment and labor law, notified the affected drivers that their confidential information, including social security and tax identification numbers, had been compromised in its IT systems’ data breach.
How Did the Breach Take Place?
As per the current investigations, it is believed that the cyber attackers gained unauthorized access to the networks of the law firm using a phishing attack. As a result, the private data of Uber drivers, such as their Social Security and tax identification numbers, have been compromised and stolen.????
In a letter to affected drivers, Genova Burns shared some details about the breach:
“On January 31, 2023, Genova Burns noticed suspicious activity relating to our internal information systems. In response, we hired outside forensic and data security experts to investigate the nature and extent of the activity. We found that an unauthorized third party gained access to our systems, and certain limited files were accessed or exfiltrated between January 23, 2023, and January 31, 2023.”
Uber has not yet revealed the number of drivers impacted by this breach. However, the company confirmed that the stolen data included private information of drivers who had completed trips in New Jersey.
Uber has been struggling with data breaches for a while now. This is the third time the company has been hacked in just six months. In September 2022 , the company was forced to shut down many of its internal tools, communications, and engineering systems after suffering a cyber security incident.
Moreover, in December 2022 , over 77,000 Uber employees' personal details were leaked online after a cyberattack at Teqtivity, a firm that provided IT asset management services to Uber.?
The security of sensitive information is a significant issue for corporations, including Uber, particularly when the source of the breach is third-party access. An attack on Genova Burns, the firm responsible for managing Uber driver data, recently exposed numerous drivers' confidential details in the New Jersey region.
Although Uber has been criticized for inadequate management of past data breaches and failing to disclose them transparently to authorities and the general public, it is essential to recognize the challenges associated with preventing and dealing with breaches that stem from third-party access.
领英推荐
Automating Third-Party Risk Assessments with CyberArrow
As cyberattacks become more frequent, businesses must prioritize cyber security to safeguard their confidential data from third-party risks. Third-party risk assessments can help organizations identify vulnerabilities and manage third-party risk.?
However, managing third-party risk can be daunting for businesses, particularly in today's rapidly evolving cyber threat landscape. By automating third-party risk assessments, businesses can gain a comprehensive view of their third-party ecosystem and identify potential risks proactively.
Compliance automation platforms like CyberArrow can help businesses streamline the third-party risk assessment process, minimize manual effort, and ensure that all critical third-party relationships are assessed and managed effectively.?
CyberArrow helps organizations automate risk assessments, manage third-party risks, and strengthen their security posture.?
Automate third-party risk assessments and manage third-party risks with CyberArrow. Schedule a free demo today!
Helpful Resources
???Guarded: ?Share our newsletter with others