(Updated 07:08 am PT with information on the GitHub subpoena)
Uber reported Friday that it was hacked last year, resulting in an unauthorized access to 50,000 drivers’ names and license plate numbers by a third party.
In a post on its corporate blog, the app-based car service company said it discovered the breach in September, although it’s not clear why it waited until now to make the event public. The post noted that an investigation showed the breach had been conducted on May 13, 2014.
A “John Doe” lawsuit has been filed by the company, at least initially to provide a legal vehicle for collecting information.
Uber has subpoenaed developer collaboration site GitHub, seeking the IP addresses of anyone who viewed a specific post — which apparently contained a login key — from March to September of 2014. GitHub has declined to voluntarily turn over the information.
After discovering the attack, User said, it changed protocols for the database and notified the drivers.
“We have not received any reports of actual misuse of information as a result of this incident,” the company posted, adding that it has contacted the drivers and offered a free one-year membership to Experian’s ProtectMyID Alert.
The approximately 50,000 drivers whose data was lifted are spread out across “multiple states,” Uber said, and represent only a small percentage of the total number of current and former drivers.