No link between global security breach and Singapore user being fraudulently charged for rides: Uber

Uber Singapore said that the ride-sharing company's global security breach was not related to a recent case where a Singaporean woman was charged more than $1,300 for "phantom rides".
Uber Singapore said that the ride-sharing company's global security breach was not related to a recent case where a Singaporean woman was charged more than $1,300 for "phantom rides".PHOTO: EPA-EFE

SINGAPORE - Uber said on Wednesday (Nov 22) there is no link between a customer in Singapore being fraudulently charged more than $1,300 for rides recently, and a massive global security breach of its platform last year (2016).

An Uber Singapore spokesman said it has "no reason to believe" the two events are related, because during last year's incident, its corporate systems or infrastructure had not been breached.

"Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, NRIC (number) or dates of birth were downloaded," the spokesman added.

On Tuesday (Nov 21), reports said Uber had covered up a security breach in October 2016, which exposed the personal information of about 57 million accounts on the ride-hailing platform.

The controversy, which involved Uber paying hackers US$100,000 (S$135,000) to keep secret the breach, was first reported on Bloomberg News.

Separately, in Singapore, an Uber customer Jenna Lim posted on Facebook recently that she had been charged more than $1,300, for some 30 transactions over a five-day period, starting from Nov 13. "I believe someone from the US hacked into Uber's security system and attained my bank account info," Ms Lim wrote.

Uber Singapore, however, said the two incidents are not related, and it is working with Ms Lim to refund the charges.

It is also investigating three other cases of customers being charged for "phantom rides", which have been reported in the media.

 
 

"We would like to assure the public that payment information is encrypted when you enter it into the Uber app," the Uber Singapore spokesman said.

Asked if any Singapore users were affected by the October 2016's global security breach, the spokesman replied: "We are in the process of notifying various regulatory and government authorities and we expect to have ongoing discussions with them.

"Until we complete that process we aren't in a position to get into any more details," the spokesman added.

When contacted, the Personal Data Protection Commission said it is aware of the breach and is in touch with Uber to get more details.