Turkish Personal Data Protection Authority investigates breach claims at Uber technologies
Learn More
On July 10, 2024, the Personal Data Protection Authority (KVKK) reported a data breach involving Uber Technologies Inc. The announcement revealed that Uber had informed KVKK of the breach in compliance with Article 12(5) of the Law on Protection of Personal Data No. 6698.
According to the KVKK, on July 2, 2024, the data controller (Uber Technologies) received an email from an individual threatening to publicly release personal data potentially sourced from Uber.
The exact timing and origin of the breach remain undetermined, and investigations are ongoing. The breach apparently impacts Uber users, including passengers and individuals ordering food, as well as drivers and delivery personnel.
The compromised data for Uber users may include:
- Names
- Email addresses
- Phone numbers
- Profile photos
- Registration dates
- Score information
For drivers and delivery people, the potentially exposed data includes:
- Driver's licenses
- Insurance details
- ID cards
- Vehicle registrations
- Checks related to the duty of care
The scope of the affected personal data and the number of impacted individuals are currently unknown, as well as the nature of the attack.
