clock menu more-arrow no yes

Filed under:

US reportedly pursuing criminal investigation for Uber data breach

Ride-hailing rivalry could result in criminal charges

Reuters is reporting via anonymous sources that the US Department of Justice is investigating the theft of thousands of Uber drivers' names and driver's license numbers that occurred in May 2014. The probe could implicate the ride-hailing company's main rival Lyft, which Uber accused months later of being responsible for the hack.

In February 2015, Uber disclosed that one of its main databases had been improperly accessed. The reason, Uber explained, was because one of the encryption keys required to unlock it had been compromised. A closer look revealed that an unauthorized third party had indeed accessed the database on May 13th, 2014. Thousands of driver names and license numbers were swiped.

Uber blames Lyft's CTO for the breach

The following month, it was reported that at least two separate vendors on dark web marketplace AlphaBay were selling active Uber accounts. It was unclear whether the auction had anything to do with the theft of the drivers' information.

Then, in October 2015, Uber filed court papers San Francisco that revealed as many as 50,000 names and numbers were illegally downloaded. Uber was suing to uncover the perpetrator, who, according to Reuters, was believed to be Lyft's chief technology officer, Chris Lambert. Sources told the newswire that an IP address affiliated with Lambert had been connected to the breach, but Reuters also admitted it could not independently verify that allegation. Lyft said it investigated the matter and found no evidence implicated Lambert.

It now seems the feds have reason to disagree. Count this among the many legal issues facing Uber in 2016 worth keeping an eye on. Uber declined to comment, while a spokesperson for Lyft said, "We have not been contacted by the DOJ, U.S. Attorney's office or any other state or federal government agency regarding any investigation."