Skip to main content

Advertisement

Advertisement

Almost 400,000 Singapore users affected by Uber data breach

SINGAPORE — About 380,000 Singapore users of ride-hailing firm Uber were affected by last year’s massive data breach, the United States-based company said on Friday (Dec 15).

Uber said the figure of 380,000 Singapore users affected by the data breach was “an approximation rather than an accurate and definitive count". TODAY File Photo

Uber said the figure of 380,000 Singapore users affected by the data breach was “an approximation rather than an accurate and definitive count". TODAY File Photo

Follow TODAY on WhatsApp

SINGAPORE — About 380,000 Singapore users of ride-hailing firm Uber were affected by last year’s massive data breach, the United States-based company said on Friday (Dec 15).

However, the breach did not compromise any of their credit card or bank account numbers, it assured.

On its website, Uber said the figure of 380,000 Singapore users was “an approximation rather than an accurate and definitive count because, sometimes, the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives”.

Uber took immediate steps to secure its data when the breach happened, shut down further unauthorised access and strengthened its data security, the company added.

Local authorities are investigating the latest revelations.

The Personal Data Protection Commission said in a statement on Friday that it is investigating whether Uber breached the data protection provisions of the Personal Data Protection Act (PDPA), and that Uber has taken steps to address the breach.

The Land Transport Authority (LTA) said Uber should comply with the PDPA in relation to the personal data it collected of its commuters or drivers, and be held to high standards of public accountability.

“We expect Uber to be fully transparent and cooperate with local regulators to disclose the extent of those (drivers and customers) that have been affected in Singapore,” the LTA added.

Over in the Philippines, the Philippine National Privacy Commission said that more than 170,000 Filipino drivers and passengers were affected by the data breach. Meanwhile, the number of affected Uber user accounts in the United Kingdom stood at 2.7 million, while Uber Canada said that 815,000 Canadian riders and drivers may have been affected.

According to Sanjay Aurora, Managing Director (Asia-Pacific) of cyber security firm Darktrace, cyber security is "no longer a challenge that can be tackled by humans alone".

"It’s clear that companies have a huge visibility problem – they simply cannot see what is happening inside their own networks," he said. "With networks expanding in digital complexity and threats becoming more sophisticated all the time, organisations need to arm up with AI technology that augments human security teams, by autonomously detecting and responding to early-stage or in-progress attacks across entire networks."

Last month, Uber chief executive officer Dara Khosrowshahi acknowledged in a blog post on the company’s official website that, in 2016, two hackers broke into a third-party cloud-based system that contained the private information of its customers.

The files they stole included names, email addresses, and mobile phone numbers for riders, and the names and driver license information of some 600,000 drivers. Mr Khosrowshahi said that the hackers also compromised personal data from some 57 million riders and drivers.

Co-founder and ousted chief Travis Kalanick was advised of the breach shortly after it was discovered, but it was not made public until Uber’s new boss Mr Khosrowshahi, who began helming the company in September, found out.

On Friday, Uber said on its website that it does not believe individual riders need to take any action following the breach. Users should monitor their accounts regularly and report anything unusual.

“We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection,” it added.

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.