Riders denounce Uber for a cyberattack that exposed their data

uber keep piling up bad news. The Unified Riders Association (AUR), a group of distributors that operate for different applications, has filed a complaint on Tuesday against the American multinational —to which EL PERIÓDICO has had access— for allegedly not having notified the ‘riders‘ or customers from a security breach that exposed their personal data.

The claim, registered with the Spanish Data Protection Agency (AEPD), regrets that Uber “has not personally informed” those affected by a cyber attack that last September managed to affect the internal systems of the company. This computer attack would have involved the leaking of confidential personal data such as names, surnames, national identity documents and account numbers of both the drivers and the Uber customers.

As explained’The New York Times‘, a cybercriminal launched a social engineering attack against one of the employees of the mobility provider company. Through that clerk, he could sneak into slack, the internal communication systems used by Uber. “I announce that I am a hacker and Uber has suffered a data breach,” the attacker said in a message sent to all company employees.

Related news

Following that news, Uber released a message on Twitter: “We are currently responding to an incident of cybersecurity. We are in contact with law enforcement and will post additional updates here as they become available.”

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

— Uber Comms (@Uber_Comms) September 16, 2022

Shortly after, Uber assured that the cyberattack had not managed to access the company’s production environment or compromise the databases in which confidential information is stored. The company blamed the attack on an actor affiliated with Slips$, a group of expert cybercriminals in corporate extortion that last year already hit companies like Microsoft, Samsung or Nvidia. However, in its complaint, AUR ensures that Uber did not contact the delivery drivers or the customers affected by this security breach.