Uber confirms personal data of users exposed in breach
MANILA — Ride-hailing firm Uber Philippines (Uber Systems, Inc.) has confirmed that personal information of Filipinos users were included in the reported data breach involving over 50 million users and drivers worldwide, the National Privacy Commission said Tuesday.
Uber made the confirmation in a letter to the NPC on Monday.
However, Uber failed to provide the commission more information about the data breach, including the actual number of Filipinos affected and the “scope of their exposure.”
“Under the principle of accountability, we require personal information controllers within our jurisdiction to provide detailed information on the nature of the incident, the scope of the exposure, and the remedial measures taken,” the NPC said in a press statement.
Despite its failure to disclose more detailed information about the compromised Filipino data, Uber, according to the NPC, nonetheless declared the following:
• Two individuals outside Uber inappropriately accessed user data stored on a third-party cloud-based service that Uber uses.
• The two Uber employees who led the response to the data breach are no longer with Uber.
• The compromised data includes the names and driver’s license of around 600,000 drivers in the United States and some personal information of 57 million Uber users around the world. The information included names, email addresses and mobile phone numbers.
• The incident did not breach Uber’s corporate systems; there is no indication that trip location history, credit card numbers, bank account numbers, or dates of birth were downloaded.
• Filipino data subjects are affected, but there is no indication that any Filipino driver’s licenses were downloaded.
• Uber has implemented security measures to restrict access to and strengthen controls on their cloud-based storage accounts. (Philstar.com)