21 Dec 2017

Revealed: Around 100,000 Kiwis in global Uber hack

2:33 pm on 21 December 2017

About 100,000 New Zealanders were affected by a huge worldwide data hack, the Office of the Privacy Commissioner says.


Photo: RNZ / Diego Opatowski

Last month it emerged the ride-sharing company concealed a 2016 data hack that affected 57 million customers and drivers worldwide, including New Zealanders but it was not clear how many Kiwis were exposed. In the US alone, the hack affected 25.6 million customers and drivers.

The 2016 breach was hidden by the ride-sharing firm which paid hackers $100,000 ($NZ145,000) to delete the data.

A spokeswoman from the Office of the Privacy Commissioner said Kiwi customers and drivers were affected. However, Uber say the 100,000 figure relates only to customers, not drivers.

"We understand from Uber that there were approximately 100,000 New Zealand riders and drivers affected. For nearly all individuals, the downloaded files included name, email address and mobile phone numbers, the spokeswoman from the Office of the Privacy Commissioner said.

"We also understand that there is no indication that trip location history, credit card numbers, bank account numbers, or dates of birth were in the files that were downloaded."

She said there had not been any complaints directly from affected individuals.

The Privacy Commissioner John Edwards previously described the one-year gap between the breach and Uber notifying the office as unacceptable. Uber headquarters said the 57 million names, phone numbers, and email addresses were downloaded, but credit card and bank account information was not.

Within that number, 600,000 drivers had their names and licence details exposed.

no caption

John Edwards. Photo: supplied

The office said Uber has contacted all the New Zealanders with licence numbers in the downloaded files and provided all those drivers with identity theft protection.

Uber has also said there does not appear to be any evidence of fraud or misuse and the downloaded accounts were being monitored.

This week, the European Union ruled the ride-share company can be regulated like traditional taxis and earlier this month a US court was told Uber set up a covert unit tasked with stealing competitors' secrets.

Uber New Zealand said the Office of the Privacy Commissioner was informed earlier this month about the number of people affected.

"We take this matter very seriously and we are happy to answer any questions regulators may have. We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to regain the trust of consumers."

She said the 100,000 figure relates to customers only in New Zealand, not drivers. Only drivers in the US were affected, she said.