In October 2016, Uber experienced a data security incident that resulted in a breach of information related to rider and driver accounts.
For drivers, this information included the names, email addresses, and mobile phone numbers related to accounts globally. In addition, the driver's license numbers of around 600,000 drivers in the United States were downloaded. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, or dates of birth were downloaded.
In the United States this incident involved approximately 25.6 million riders and drivers. These numbers are an approximation rather than an accurate and definitive count because sometimes the information the we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives.
When this happened, we took immediate steps to secure the data, shut down further unauthorized access, and strengthen our data security.
We are directly notifying the affected drivers by mail or email and are offering them free credit monitoring and identity theft protection.
When we learned of the incident in November 2016, we took steps to contain and prevent harm, but we did not let drivers know. We think this was wrong, which is why we are now taking the actions we've described. We have seen no evidence of fraud or misuse tied to the incident.
We are in the process of sending out notifications to the affected drivers, but you can check whether your account was included in those with downloaded driver's license numbers by reaching out below.