Uber has filed a John Doe lawsuit in the district court of Northern California as part of its investigation regarding a data breach of one its driver’s database.
Last year in on September 17th, Uber discovered that one of its databases had been accessed using a login key that was posted on a post on Github. The key was used to access Uber's internal database which houses information about 50,000 drivers.
Uber has begun reaching out to drivers whose information was stored in the breached database. The company has also provided a one year free membership of Experian’s ProtectMyID Alert to drivers whose information has been stolen.
Uber has also subpoenaed Github to share the IP addresses of anyone who visited a particular gist post (the login key used to access the database was posted there) between March and September 2014.
Uber shared the information about the breach through a post on its blog, on which it mentioned that the breach of data had occurred sometime around 12th May, last year. The files that were stolen from the database contained names and driving license numbers of its drivers, past and present. According to Uber, no case of misuse of any stolen data has been reported.
Questions have risen after the post was published on Uber's blog as to why the company did not come forward with the information earlier, and why were driver partners whose information was stolen and put at risk, not informed about the incident earlier?