Our sectors

To:
postbox@leighday.co.uk
We treat all personal data in accordance with our privacy policy.
Show Site Navigation

Lawyer for potential claimants writes to Uber following hack

Law firm Leigh Day has written to Uber on behalf of customers asking them to clarify exactly what information was accessed in their recent data breach

27 November 2017

The letter from information law specialist Sean Humber follows reports last week that some British Uber users had seen their accounts accessed by Russian hackers and debited for journeys that they could not have taken.

The data breach only came to light this week after the new CEO, Dara Khosrowshahi, revealed in a blog post that hackers stole the personal information of 57 million worldwide Uber users and drivers.

The letter from Leigh Day has been sent ahead of potential legal action on behalf of Uber customers. The London based law firm will also be writing on behalf of drivers represented by the GMB union.

Leigh Day has asked Uber to clarify what information was accessed by hackers. This follows reports of thousands of UK Uber customers’ accounts having been hacked earlier this year and customers being billed for taxi journeys in the Russian cities of Moscow and St Petersburg.

It is not yet clear whether this is linked to the October 2016 data breach. Uber stated that the hacked information “included” names, email addresses and mobile phone numbers of customers and drivers (with the licence plate details of drivers in the US also hacked) but that their outside forensic experts “have not seen any indication” that more sensitive information, including customers’ financial information, has been stolen.

Last week, in Parliament, the Culture minister Matt Hancock said that the Government did not have sufficient confidence in the figure provided by Uber to reveal how many UK citizens may be affected by the hack.

He told MPs: "At this stage, our initial assessment is that for Uber customers, the stolen information is not the sort of information that would allow direct financial crime.

"But we are working urgently to verify this further, and we rule nothing out." Uber have revealed that they paid two hackers a ransom of $100,000 to destroy the hacked information and then obtained “assurances” that this had occurred.

However, Uber failed to notify either the relevant regulatory authorities or the those affected of the data breach.

Sean Humber, an information law specialist at Leigh Day has written to Uber on behalf of affected customers seeking clarification from Uber of exactly what has happened. He will also be writing on behalf of drivers who have also potentially been put at risk.

This includes details of the dates of all data breaches suffered, the information stolen as a result of the breaches and the basis for Uber seeming to believe that no financial information was stolen and that the hackers destroyed the information stolen after being paid the ransom.

Sean Humber said: “So far, Uber’s belated explanation of what has happened has been unsatisfactorily complacent. They need to give a full account about exactly what happened and the extent to which affected customers and drivers may remain at risk.

"The allegations that some Uber customers have had their accounts hacked and billed for journeys they cannot possibly have made is a very worrying development.”

Mick Rix, GMB National Officer said: “Uber must clarify what information was accessed by hackers. “There have been reports of thousands of UK Uber customers’ accounts having been hacked earlier this year and customers are being billed for taxi journeys in the Russian cities of Moscow and St Petersburg.

“Whilst it is not clear whether this is linked to the October 2016 data breach, it begs the question what Uber kept this critical information secret from our drivers and the public for more than a year.

“Frankly GMB are not reassured by the results of Uber’s internal forensic examination, or their reliance on assurances by criminals.”

Information was correct at time of publishing. See terms and conditions for further details.

Share this page: Print this page

Let us call you back at a convenient time

We treat all personal data in accordance with our privacy policy.

Contact

More information