• Home
  • News
  • Coins2Day 500
  • Tech
  • Finance
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia
TechUber Technologies

Justice Department Probes Data Breach at Uber

By
Reuters
Reuters
Down Arrow Button Icon
By
Reuters
Reuters
Down Arrow Button Icon
December 18, 2015, 3:14 PM ET
App Car Service Startups Continue To Irk Traditional Cab Companies And Regulators
SAN FRANCISCO, CA - JUNE 12: A sticker with the Uber logo is displayed in the window of a car on June 12, 2014 in San Francisco, California. The California Public Utilities Commission is cracking down on ride sharing companies like Lyft, Uber and Sidecar by issuing a warning that they could lose their ability to operate within the state if they are caught dropping off or picking up passengers at airports in California. (Photo by Justin Sullivan/Getty Images)Photograph by Justin Sullivan — Getty Images

(Reuters) – The U.S. Department of Justice is pursuing a criminal investigation of a May 2014 data breach at ride service Uber, including an examination of whether any employees at competitor Lyft were involved in the episode, sources familiar with the situation said.

Earlier this year, Uber revealed that as many as 50,000 of its drivers’ names and their license numbers had been improperly downloaded. An investigation by Uber determined that an Internet address potentially associated with the breach can be traced to Lyft’s technology chief, Chris Lambert, Reuters reported in October.

Department of Justice spokesman Abraham Simmons said on Wednesday he could not confirm or deny a criminal probe. No one has been accused of any wrongdoing, and it is unclear whether anyone will ultimately be charged in connection with the breach.

A recently hired attorney for Lambert, former federal prosecutor Miles Ehrlich, said Lambert “had nothing to do” with the breach.

“Given that Uber apparently lost driver data, a law enforcement investigation is to be expected,” Ehrlich said. “And the benefit is that the culprit here is going to be identified – and that’s going to remove Chris’ name from any conversation about Uber‘s data breach, as it should.”

In a statement on Friday, Lyft said “we have not been contacted by the DOJ, U.S. Attorney’s office or any other state or federal government agency regarding any investigation.”

Uber declined to comment. The people familiar with the matter could not be named because they were not authorized to speak publicly.

SEARCH FOR HACKER

Lyft is much smaller than Uber, which operates in more than 300 cities in 67 countries and has raised $7.4 billion from investors. The companies, based in San Francisco, compete fiercely for drivers and customers.

Uber learned last year that someone downloaded its driver database, which should have been accessible only with a digital security key. A search for that key turned up a copy on the code-development site GitHub, where it had been left by mistake.

Uber then obtained information from GitHub about who had connected to that page before the breach and found only one Internet Protocol address that did not belong to an Uber user or have another plausible explanation, according to court documents.

Uber filed a civil lawsuit in San Francisco federal court in February in an attempt to unmask the perpetrator. The company’s court papers claim that an unidentified person using a Comcast IP address had access to the security key.

On its own, Uber investigated that address and determined that it had been assigned to Lambert, Reuters reported in October.

A U.S. Judge ruled that Uber could further probe the IP address, saying it was “reasonably likely” that such an inquiry could help identify the hacker. That ruling is on hold pending an appeal.

SWORN STATEMENT

Attorneys for the unnamed Comcast subscriber have pointed out in court that the data breach was conducted from a different IP address than the Comcast address that accessed the security key. Lyft said that Uber allowed the key for the database “to be publicly accessible for months before and after the breach.”

The IP address the hacker used is associated with Anonine, a virtual private network service based in Sweden that is known for vigorously protecting the privacy of its users, two people familiar with the situation told Reuters.

Ehrlich said Lambert offered to provide Uber with a sworn statement that he had nothing to do with the breach, made under penalty of perjury.

Lambert signed the statement over the summer, a separate source familiar with the situation said. In it, Lambert also said he was not aware of anyone who has copies of Uber‘s database, and that he did not instruct anyone to access it, the source said.

However, Lyft and Ehrlich declined to confirm or deny that Lambert’s Comcast address connected to the GitHub page containing the key. They also declined to give details about Lyft’s internal investigation of the matter.

Lyft reiterated on Friday that it investigated the matter “long ago” and concluded “there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber‘s May 2014 data breach.”

Uber‘s lawsuit alleges the hacker violated civil provisions of the federal Computer Fraud and Abuse Act, as well as a similar California law. It is unclear if the leaked driver information was ever used by the hacker or anyone else.

For more about Uber, watch this Coins2Day video:

About the Author
By Reuters
See full bioRight Arrow Button Icon
Rankings
  • 100 Best Companies
  • Coins2Day 500
  • Global 500
  • Coins2Day 500 Europe
  • Most Powerful Women
  • Future 50
  • World’s Most Admired Companies
  • See All Rankings
Sections
  • Finance
  • Leadership
  • Success
  • Tech
  • Asia
  • Europe
  • Environment
  • Coins2Day Crypto
  • Health
  • Retail
  • Lifestyle
  • Politics
  • Newsletters
  • Magazine
  • Features
  • Commentary
  • Mpw
  • CEO Initiative
  • Conferences
  • Personal Finance
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Coins2Day Brand Studio
  • Coins2Day Analytics
  • Coins2Day Conferences
  • Business Development
About Us
  • About Us
  • Editorial Calendar
  • Press Center
  • Work At Coins2Day
  • Diversity And Inclusion
  • Terms And Conditions
  • Site Map

© 2025 Coins2Day Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Coins2Day Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.