GMB has instructed law firm Leigh Day to write to Uber on behalf of GMB drivers, and members who are customers, seeking clarification as to exactly what information was accessed in their recent data breach.
The letter follows reports British Uber users and drivers have seen their accounts accessed by Russian hackers and debited for journeys that they could not have taken.
The data breach only came to light this week after the new CEO, Dara Khosrowshahi, revealed in a blog post that hackers stole the personal information of 57 million worldwide Uber users and drivers.
The letter from Leigh Day will be sent ahead of potential legal action on behalf of Uber users.
On November 28, the European Commission’s Article 29 Working Party – which concerns data protection – opened a two-day meeting to discuss the Uber hack cover up.
Uber stated the hacked information “included” names, email addresses and mobile phone numbers of customers and drivers, but that their forensic experts “have not seen any indication” that more sensitive information, including customers’ financial information, has been stolen.
In Parliament, the Culture minister Matt Hancock said that the Government did not have sufficient confidence in the figure provided by Uber to reveal how many UK clients had been affected.
Uber has now revealed they paid two hackers a ransom of $100,000 to destroy the hacked information and then obtained “assurances” that this had occurred.
However, Uber failed to notify either the relevant regulatory authorities or those affected by the data breach.
Mick Rix, GMB National Officer said:
“Uber must clarify what information was accessed by hackers.
“There have been reports of thousands of UK Uber customers’ accounts having been hacked earlier this year and customers are being billed for taxi journeys in the Russian cities of Moscow and St Petersburg.
“Whilst it is not clear whether this is linked to the October 2016 data breach, it begs the question what Uber kept this critical information secret from our drivers and the public for more than a year.
“Frankly GMB are not reassured by the results of Uber’s internal forensic examination, or their reliance on assurances by criminals.”
Sean Humber, an information law specialist at Leigh Day said:
“So far, Uber’s belated explanation of what has happened has been unsatisfactorily complacent.
“They need to give a full account about exactly what happened and the extent to which affected customers and drivers may remain at risk.
“The allegations that some Uber customers have had their accounts hacked and billed for journeys they cannot possibly have made is a very worrying development.”