In October 2016, Uber experienced a data security incident that resulted in a breach of information related to rider and driver accounts.
Driver information included the names, email addresses and mobile phone numbers related to accounts globally. In addition, the driver's license numbers of around 600,000 drivers in the United States were downloaded. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers, or dates of birth were downloaded.
When this happened, we took immediate steps to secure the data, shut down further unauthorized access, and strengthen our data security.
We are directly notifying the affected drivers by mail or email and are offering them free credit monitoring and identity theft protection.
When we learned of the incident in November 2016, we took steps to contain and prevent harm, but we did not let drivers know. We think this was wrong, which is why we are now taking the actions we've described. We have seen no evidence of fraud or misuse tied to the incident.