A security breach may have compromised the names and license numbers of 50,000 current and former Uber drivers.
While there are no reports yet of misuse of information, the on-demand car service company has reached out to the attorney generals in states where the drivers reside. Uber gave the affected drivers one-year free membership in an identity protection service and advised them to immediately report any fraudulent transactions.
The breach occurred in May 2014 on one of Uber's databases but was discovered only in September. The company immediately changed the access protocols for the database and launched an investigation. While the breach affected only a small percentage of Uber's drivers, the company is being critical of it.
"Uber takes seriously our responsibility to safeguard personal information, and we are sorry for any inconvenience this incident may cause," Katherine Tassi, Uber's Managing Counsel of Data Privacy, said in a statement on Friday.
Uber also filed a "John Doe" lawsuit in a San Francisco court to gather information and confirm the identity of the person who accessed the database once.
Timothy Ryan, a cybersecurity expert for risk mitigation firm Kroll, told The Los Angeles Times that names and license numbers are not enough for identity theft but can become a problem when combined with credit card information.