Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Breach of Law Firm Genova Burns Impacts Uber Drivers

April 6, 2023

The Register reported on April 3 that Uber has had more of its internal data stolen from a third party that suffered a security breach. This time, the personal info of Uber drivers was taken by cybercriminals from law firm Genova Burns. Uber is a client of the law firm.

In a letter to affected drivers, the law firm said it had looked into the breach and went on to say, “The investigation determined that information you provided to Uber, including your name and Social Security number and/or Tax Identification number, was among the impacted data.”

Uber did not respond to The Register’s question about how many of its drivers had their records stolen. A spokesperson emailed this statement in response:

“In March we were notified by outside legal counsel, Genova Burns LLC, that they had suffered a security incident. Impacted information held by Genova Burns included information of certain drivers who had completed trips in New Jersey, including social security number and/or tax identification number. These drivers have been notified that their social security number and/or tax identification number have been potentially impacted and offered complimentary credit monitoring and identity protection services. Genova Burns indicates that they are not aware of any actual or attempted misuse of the information, and confirmed that they are taking additional steps to improve security and better protect against similar incidents in the future.”

Genova Burns said in its letter it first became aware of suspicious activity within its IT systems on January 31, and hired a forensic security team to investigate the incident.

As a result of that probe, the attorneys alerted law enforcement, changed all system passwords, and promised to take “additional steps to improve security and better help protect against similar incidents in the future.”

Affected individuals get 12 months of free identity monitoring services to compensate for their stolen data, which could be used for identity theft, or sold on cybercrime forums.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson