Transportation company Uber has released a statement about 2016's data hack, stating that about 380,000 users from Singapore have been affected. The US-based cab service stated on Friday, December 15, that the credit card or bank account details of its users have not been compromised. However, that does not make the risk any less real.
A statement uploaded on Uber's Help page explains that the figure of 380,000 users is not definite, rather it is "an approximation rather than an accurate and definitive count because, sometimes, the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives."
According to the company, immediate steps were taken to ensure that the data of its customers is protected when a breach was detected. Uber says it shut down unauthorised access and made its security system stronger. The breach is still being investigated by local authorities.
In a statement on Friday, the Personal Data Protection Commission said that Uber is in breach of the Personal Data Protection Act (PDPA). However, the company is working to remedy the situation, reported Today Online.
The Land Transport Authority (LTA) of Singapore has advised Uber to comply with the PDPA rules and ensure high standards of public accountability in relation to collecting and storing personal details of its users.
"We expect Uber to be fully transparent and cooperate with local regulators to disclose the extent of those (drivers and customers) that have been affected in Singapore," said the LTA.
Internationally, Uber users affected by the data breach include 170,000 in the Philippines, 2.7 million in the UK and 815,000 in Canada. Overall, 57 million users all around the world had their personal information compromised.
Uber CEO Dara Khorowshahi admitted in November 2017 that two hackers had gained access to Uber's data in late 2016. The stolen files had names, email addresses and phone numbers of riders, along with the names and license information of 600,000 drivers. The company said that the information has not been used for fraud yet and they have marked the affected users for extra protection.
After the news of the breach broke out, Uber was accused of paying the hackers US$100,000 to destroy the data and keep the leaked account details undisclosed. The crime was revealed only after Khosrowshahi took over as the CEO and found out about the incident.
"You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it," said Khosrowshahi while talking about the cyber crime.