uber Keep accumulating bad news. AUR, the United Riders Association, a distributor group operating for various applications, filed a complaint Tuesday against Uber, the American multinational, which is accessible through El Periódico de Catalunya of the Prensa Ibérica group, alleging a failure to inform drivers or customers about a security breach that exposed personal data. The pressure is mounting as regulatory bodies scrutinize how swiftly and clearly consumers and workers were notified about the intrusion in Uber’s systems.
The Spanish Data Protection Agency (AEPD) has expressed disappointment that Uber did not personally inform those affected by the cyberattack, which targeted the company’s internal networks last September. The breach is reported to have exposed confidential information belonging to both drivers and Uber customers, including names, national identity numbers, and account-related details. The incident underscores the stakes of data protection in a global platform that relies on a large, dispersed workforce and a vast user base across North America and beyond.
As reported by major outlets, the breach appears to have followed a social engineering tactic aimed at one Uber employee. The attacker reportedly gained access through a compromised staff member and infiltrated internal communications channels. A message circulated among employees during the incident, signaling a breach and prompting a rapid response from the attackers who claimed control over parts of the network and threatened further disruption.
In response to the situation, Uber issued a concise notice via social media, indicating that the company was actively addressing the incident, coordinating with law enforcement, and promising ongoing updates as more information became available. The message reflected a commitment to transparency while the organization evaluated the scope and impact of the breach on its operational environment and data stores.
Subsequent statements from Uber asserted that the cyberattack did not grant unauthorized access to the production environment or the databases that store sensitive data. The company attributed the activity to a cybercriminal group known for corporate extortion tactics, with historical targets including major tech and hardware firms such as Microsoft, Samsung, and Nvidia. Despite these assurances, the AUR has maintained that Uber did not sufficiently reach out to delivery personnel or affected customers to warn them about the security incident, raising concerns about notification practices and trust in the company’s incident response process.